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IT  Challenged  on 
Managing  Storage, 
Securing  Data 

Conference  attendees  look  for  ways  to  improve 
on  disaster  recovery,  backups  and  encryption 


BY  LUCAS  MEARIAN 

ORLANDO 

Despite  advances  in  storage 
technology,  IT  managers  are 
still  concerned  about  their 
ability  to  secure  data,  ensure 
it’s  available  to  valid  users, 
track  who  uses  it  and  manage 
it  effectively,  said  attendees  at 
last  week’s  Storage  Network¬ 
ing  World  conference  here. 

Hurricane  Wilma,  which 
struck  southern  Florida  last 
Monday,  offered  examples  of 
the  difficulties  of  keeping  data 


available  to  users  after  a  nat¬ 
ural  disaster,  according  to  one 
IT  executive  at  the  show. 

Ralph  Barber,  CIO  at  Hol¬ 
land  &  Knight  LLP  in  Tampa, 
Fla.,  said  Wilma  knocked  out 
several  branch  offices  of  his 
law  firm,  which  has  about  450 
servers  and  two  storage-area 
networks  that  support  about 
3,000  users. 

Holland  &  Knight  replicates 
data  between  data  centers  in 
Tampa  and  Denver  and  uses 

Securing  Data,  page  16 
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The  Earliest 
Adopters 


SPV  STOPPERS 

FIGHT  BACK 


With  spyware  identified  as  a  top  IT  security 
concern,  companies  are  mounting  a  counter¬ 
attack  with  new  tools  and  strategies  -  and 
they’re  gaining  ground.  Find  out  howthey’re 
banishing  the  unwanted  software.  PAGE  23 


Politics  Prevail  Over  Portfolio  Management 


Steering  committees 
still  clash  over  which 
IT  projects  to  fund 

BY  THOMAS  HOFFMAN 

LAS  VEGAS 

When  IT  portfolio  manage¬ 
ment  software  and  techniques 
came  into  vogue  a  few  years 
ago,  many  IT  executives  main¬ 
tained  that  such  tools  would 
remove  politics  from  IT  proj¬ 
ect  prioritization  debates. 

Proponents  of  the  new  ap¬ 
proach  said  it  would  enable  IT 
steering  committees  to  rank 
the  anticipated  value  of  pro¬ 
posed  projects  by  calculating 
the  expected  return  on  invest¬ 
ment,  strategic  impact  and 
other  quantifiable  criteria. 

But  that  promise  has  not 
been  fulfilled,  said  IT  man¬ 
agers  attending  the  IT  Finan¬ 
cial  &  Asset  Management 


Summit  West  here  last  week. 

“IT  portfolio  management 
techniques  don’t  help  you  get 
past  politics,”  said  Becky 
Hamilton,  an  information 
management  director  at  Pio¬ 
neer  Hi-Bred  International 
Inc.,  a  commercial  seed  pro¬ 
ducer  in  Johnston,  Iowa,  that’s 
a  subsidiary  of  Du  Pont  Co. 

“I  can’t  imagine  any  tool 
would  remove  organizational 
dynamics”  from  discussions  on 
IT  project  prioritization,  said 
Sam  Coursen,  CIO  at  Freescale 


Semiconductor  Inc.  in  Austin. 

Coursen,  like  Hamilton,  was 
a  speaker  at  the  conference, 
which  was  organized  by  the 
International  Quality  &  Pro¬ 
ductivity  Center  in  New  York. 
He  noted  that  Freescale’s  ex¬ 
ecutive  committee  has  a  dollar 
cap  in  place  that  “forces  the 
group  to  focus  on  the  top  20% 
of  projects  that  are  expected 
to  deliver  the  most  value.” 

IT  portfolio  management 
tools  “won’t  depoliticize  any¬ 
thing,”  said  Bernie  Donnelly, 
vice  president  of  quality  assur¬ 
ance  at  Philadelphia  Stock  Fx 
change  Inc.  Instead,  “it’s  about 
having  a  rigorous  process”  for 
prioritizing  IT  projects,  Don 
nelly  said.  “That’s  what  works.” 

Some  IT  managers  inter¬ 
viewed  by  Computerworld 
over  the  past  four  years  main¬ 
tained  that  IT  portfolio  man- 
Politics,  page 
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STORAGE  ROOM  TRANSFORMED  INTO  PEDIATRIC  CLINIC-  Bumrungrad  Hospital,  Southeast 
Asia’s  largest  healthcare  facility,  created  a  kid-friendly  pediatric  clinic  out  of  a  10,000-square-foot 
medical  records  unit.  How?  An  ultra-scalable,  4-way  Intel®  Xeon®  processor-based  system 
improved  data  reliability  and  made  records  paperless.  Read  more  about  Bumrungrad  Hospital’s 
experience  with  Intel  built  in  at  intel.com/builtin. 


The  new  Canon  imageRUNNER  solutions  and  support  addressed 
Don  's  concerns  about  seamless  network  integration,  secured  printing 
and  managing  network  devices.  Hence,  Don's  no  longer  concerned. 


Don’s  company  isn’t  doing  business  as  usual.  What  about  your  company?  We’re  well  aware  of  your  daily  challenges  as  the  gatekeeper 
or  your  company’s  network.  And  we  totally  understand.  That’s  why  Canon’s  imageRUNNER®sotutions  are  raising  the  bar  for  how  well  network  devices 
work  and  how  seamlessly  they’re  integrated.  You’ll  appreciate  enhanced  security  features  that  include  a  secured  print  function  for  document 
confident'?!, 'ty,  user  authentication,  NetSpot®and  Remote  III™  for  easily  managing  network  devices.  In  addition,  you  get  entirely  new  systems  across 
our  fuii  hne  o-  im.  geRUNNER  solutions,  which  offer  intuitive  technology  that  works  with  you,  not  against  you.  You 

can  also  ...  ■  e  your  current  investment  to  be  leveraged,  your  concerns  to  be  addressed  and  the  potential  of  your  1  | 

workday  e  N  r  , sided.  Which  means  no  more  business  as  usual.  1-800-OK-CANON  www.imagerunner.com 
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■  'i  trademarks  of  Canon  Inc  ,  in  Ihe  United  States  and  may  also  be  registered  trademarks  in  other  countries.  IMAGEANYWARE  and  Remote  Ul  are  trademarks  of  Canon  U  S.A  ,  Inc. 
*d  Products  shown  with  optional  accessories 
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Redefining  Cool 

In  the  Technology  section:  chandrakant  Patel 
discusses  the  research  that  he  and  the  rest  of 
the  “Cool  Team”  are  pursuing  at  HP  Labs.  He 
says  it  could  lead  to  cooler  data  centers  that 
use  50%  less  energy.  Page  28 


ITIL  Catches  On 

In  the  Management  section:  Users  like  Kevin 
McLaughlin  of  Procter  &  Gamble  say  the  British 
import  is  gaining  popularity  as  a  framework  for 
standardizing,  integrating  and  managing  IT  ser¬ 
vices  delivery.  Page  39 
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6  In  Depth:  Microsoft’s  Tech¬ 
nology  Adoption  Program  lets 
users  influence  R&D  and  get 
top-level  support.  But  it’s  a 
rigorous  process  that  requires 
substantial  commitment. 

10  Unisys  looks  to  shift  its 

mainframe  line  to  Intel  CPUs, 
although  no  development 
plans  have  been  set  in  stone. 

10  Atlanta’s  airport  launches  a 
Wi-Fi  network  for  travelers 
and  will  give  users  a  choice  of 
wireless  Internet  access  ser¬ 
vice  providers. 

12  Informatica  claims  to  trump 
IBM’s  data  integration  soft¬ 
ware  with  an  upgrade.  But  the 
new  version  isn’t  due  to  ship 
until  April. 

12  The  Air  Force  and  the  Penta¬ 
gon  plan  to  integrate  their 
Web  services  registries. 

14  Global  Dispatches:  Computers 
in  Russia  are  being  attacked 
by  two  new  versions  of  a 
virus,  and  an  African  agency 
urges  open-source  adoption. 

14  Skype’s  peer-to-peer  VoIP 
software  presents  security 
challenges  for  IT,  as  two  new 
critical  flaws  attest. 

16  Storage  Networking  World: 
Users  rethink  their  disaster 
recovery  plans,  looking  for 
ways  to  ensure  that  data  can 
be  restored. 

53  Q&A:  Freescale  Semiconduc¬ 
tor’s  new  CIO,  Sam  Coursen, 
discusses  his  efforts  to  build 
up  an  IT  operation. 


TECHNOLOGY 

23  Spy  Stoppers  Fight  Back. 

The  emergence  of  enterprise- 
class  antispyware  technolo¬ 
gies  is  helping  IT  gain  control 
over  the  unwanted  programs. 

30  QuickStudy:  MTBF.  Mean 
time  between  failures  is  a 
measure  of  hardware  reliabili¬ 
ty,  usually  expressed  in  hours, 
indicating  the  working  life¬ 
time  of  a  given  component. 

34  Security  Manager’s  Journal: 
Making  the  Move  From  IDS 

to  IPS.  Mathias  Thurman 
decides  to  shift  from  an 
intrusion-detection  system 
to  inline  intrusion-prevention 
technology. 

MANAGEMENT 

44  Career  Watch.  Peter  Pres- 
land-Byrne  of  Countrywide 
Financial  answers  readers’ 
questions  on  career  choices. 
Plus,  we  look  at  stupid  inter¬ 
view  questions,  top  books  and 
what  makes  “millennials”  so 
different  —  or  not. 

46  Book  Reviews:  The  Human 
Nature  of  Management. 

Thomas  Hoffman  offers  cri¬ 
tiques  of  new  titles  on  leader¬ 
ship  and  the  people  side  of 
business  process  manage¬ 
ment,  as  well  as  an  IT  project 
management  “cheat  sheet.” 

48  Managers’  Forum.  Paul  Glen 
offers  advice  on  how  to  fix  a 
project  with  too  many  spon¬ 
sors  and  what  to  do  about 
the  manager  whose  informal 
adviser  seems  to  be  running 
the  show. 


OPINIONS 

8  On  the  Mark:  Mark  Hall  re¬ 
ports  on  a  software  vendor 
that’s  asking,  Why  not  let 
business  analysts,  rather  than 
IT  developers,  write  the  rules 
into  applications  themselves? 

20  Don  Tennant  heard  from  read¬ 
ers  after  last  week’s  editorial 
decrying  the  fact  that  men  in 
IT  continue  to  make  more 
money  than  women.  He  ac¬ 
knowledges  that  there  are  fac¬ 
tors  that  may  contribute  to  the 
disparity,  but  he  believes  no 
one  can  substantiate  a  claim 
that  the  status  quo  is  fair. 

20  Virginia  Robbins,  finding  her¬ 
self  involved  in  yet  another 
acquisition,  has  advice  for  IT 
managers  on  either  end  of 
such  transactions. 

21  Michael  Gartenberg  believes 
we’re  moving  beyond  “digital 
ubiquity”  to  a  state  of  “contex¬ 
tual  flow.” 

36  Martin  MC  Brown  prefers 
OpenSolaris  to  Linux  because 
it  doesn’t  have  the  distribu¬ 
tion  and  compatibility  prob¬ 
lems  inherent  in  Linux. 

54  Frankly  Speaking:  Frank 
Hayes  thinks  Verisign  v. 
ICANN  will  turn  out  to  be 
worth  all  the  trouble  — 
for  users. 
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QuickPoll  Results 


Who  is  most  likely  to  torpedo 
a  major  IT  project? 


7°/( 

Overcommited 
team  leader 


Underproductive 
technical  resource 


e  Take  this  week's  QuickPoll  at  www.computerworld.com 
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Guard  Against  Titan  Rain  Hackers 

SECURITY:  Chinese  hackers  are  cracking  U.S. 
computers  and  stealing  any  information 
they  can  get.  What’s  more  troubling  is  that 
your  company  may  have  been  a  victim  but 
you  wouldn’t  even  know,  says  security  expert 
Ira  Winkler.  ©  QuickLink  57711 

Understanding  Microsoft’s 
Desktop  Migration  Tools 

WINDOWS:  Two  Avanade  consultants  outlin 
some  of  the  features  available  in  deployment 
tools  such  as  Microsoft’s  free  Solution  Accel 
erator  for  Business  Desktop  Deployment. 
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every  page  on  our  site. 


ONLINE 

DEPARTMENTS 

Breaking  News 

©  QuickLink  alStv 

Newsletter 

Subscriptions 

©  QuickLink  a143t? 

Knowledge  Cento'; 

©  QuickLink  a25?0 

The  Online  Store 
©  QuickLink ;:1H\  L 


6 


COMPUTERWORLD  October  31, 2005 


NEWS 


www.computerworld.com 


Earliest  Adopters  Get 
Put  to  the  lest 

Microsoft’s  testing  program  lets  users  influence  R&D  and  get  top-tier  support. 

But  it  requires  a  substantial  commitment  -  and  some  live  use  of  beta  code.  By  Carol  Sliwa 


With  the  release 
of  the  first  beta 
copies  of  Win¬ 
dows  Vista  in 

midsummer,  Microsoft  Corp. 
began  ramping  up  the  testing 
process  for  the  next  version 
of  its  client  operating  system. 
But  long  before  that,  a  special 
group  of  corporate  testers  had 
already  started  to  help  shape 
the  new  software. 

Thirteen  companies,  includ¬ 
ing  eight  with  at  least  15,000 
PCs  each,  began  working  with 
Microsoft  on  the  architecture 
and  design  of  their  Windows 
Vista  environments  about  18 
months  ago,  when  the  product 
was  code-named  Longhorn.  In 
April,  they  got  their  hands  on 
alpha  code  with  a  Network 
Access  Protection  feature  they 
had  agreed  to  test.  Another  35 
users  joined  them  last  May 
and  June  as  part  of  Microsoft’s 
Technology  Adoption  Program 
for  validating  the  features, 
functionality  and  product- 
readiness  of  Vista,  said  Linda 
Apsley,  a  group  program  man¬ 
ager  for  Windows  TAPs. 

The  TAP  process  differs 
from  an  ordinary  testing  pro¬ 
gram  in  that  it  requires  partic¬ 
ipants  to  make  a  commitment 
to  run  software  in  live  produc¬ 
tion  environments  prior  to  a 
product’s  final  release.  Micro¬ 
soft  runs  three  different  types 
of  TAPs  across  its  product 
line:  one  for  product  valida¬ 
tion  that  was  formerly  known 
as  the  Joint  Development  Pro¬ 
gram,  a  rapid  deployment  TAP 
that  was  previously  called  the 
Rapid  Adoption  Program,  and 
a  less  rigorous  product  evalua¬ 
tion  program  that’s  more  like 
an  advanced  beta  for  IT  pros. 

The  software  vendor  used 
to  have  to  dr,  he.)  recruiting 
to  get  compart  i.c  to  partici- 


Microsoft  is  currently  running  TAPs  for 
the  following  software: 


■  Windows  Vista 

■  Windows  Server  2003  Release  2 

■  Longhorn  (code  name  for  the  next  version  of  Windows  Server) 

■  Exchange  Server  2003  Service  Pack  2 

■  Live  Communications  Server  2005 

■  Office  12 

*  Network  Access  Protection 
i  Systems  Management  Server  Version  4 

■  Microsoft  Operations  Manager  Version  3 
i  Jamaica  (code  name  for  new  security  software) 


pate  in  the  Windows  TAPs, 
which  started  with  Windows 
2000.  Now,  Apsley  said,  there 
are  eight  to  10  applications  for 
each  open  slot  in  the  Win¬ 
dows  Product  Validation 
TAPs,  and  many  participants 


ask  to  continue  from  program 
to  program. 

“Our  budget  is  extremely 
tight,  and  we’re  always  looking 
for  ways  to  stretch  our  dollar,” 
said  Robert  Taylor,  CIO  for 
Fulton  County  in  Georgia. 


“Agreeing  to  [take  part  in] 

TAP  meant  we  could  leverage 
our  work  on  testing  to  get 
more  benefits  out  of  our  bud¬ 
get  and  be  a  better  custodian 
of  public  funds.” 

The  county’s  IT  department 
joined  the  TAP  process  about 
two  years  ago  when  Windows 
XP  Service  Pack  2  and  Win¬ 
dows  Server  2003  SP1  were 
being  developed.  It’s  currently 
involved  in  TAPs  for  Windows 
Vista  and  Longhorn  Server, 
plus  Version  4  of  Microsoft’s 
Systems  Management  Server 
(SMS)  software,  Taylor  said. 

TAP  participation  means 
that  some  of  the  county’s  best 
IT  employees  get  a  chance 
to  interact  with  Microsoft’s 
“A-team”  engineers,  he  noted. 
The  county  also  gains  access 


to  Microsoft  consultants, 
sometimes  on-site,  and  the 
highest  tier  of  product  sup¬ 
port  the  vendor  has  to  offer. 
For  problems  that  couldn’t  be 
resolved  by  telephone,  Fulton 
County  staffers  have  at  times 
boxed  up  PCs  and  shipped 
them  to  the  development  team 
at  Microsoft. 

“We  feel  like  they  will  not 
let  us  fail,”  Taylor  said.  But  he 
added  that  he’s  still  second- 
guessed  by  CIOs  about  his  de¬ 
cision  to  get  involved  in  a  pro¬ 
gram  requiring  him  to  use 
software  still  being  developed. 

Microsoft  recognizes  that 
companies  “take  a  risk  to  be 
in  our  program,”  Apsley  said, 
adding  that  the  company 
matches  the  risks  posed  by 
TAP  participation  with  top- 
tier  support  —  responding 
within  15  minutes  if  a  user  ex¬ 
periences  a  serious  problem. 
“My  team  is  measured  on  how 
well  they  keep  these  cus¬ 
tomers’  businesses  in  good 
shape,”  she  said. 

The  IT  shops  that  partici¬ 
pate  in  the  Product  Validation 
and  Rapid  Deployment  TAPs 
do  have  to  pay  a  price  by  com¬ 
mitting  the  time  and  resources 
necessary  to  test  and  deploy 
products  on  a  schedule  they 


Small  Companies  Get  Access  and  Clout  Via  TAP 


Red  Dot,  Ping  mix  with  blue-chip  corporations  on  testing  work 


Microsoft’s  Technology  Adoption 
Program  isn’t  just  for  huge  corpora¬ 
tions  with  thousands  of  users.  Many 
smaller  companies  get  a  chance  to 
participate  -  and  they’re  only  too 
happy  to  get  the  sort  of  insider  ac¬ 
cess  and  extra  attention  that's  typi¬ 
cally  reserved  for  the  big  guys. 

John-Mark  Tucker,  an  IT  manag¬ 
er  at  Red  Dot  Corp.  in  Seattle,  said 
he  was  flattered  to  see  a  business 
with  500  employees  get  invited  to 
the  same  events  on  Microsoft’s 
campus  in  Redmond,  Wash.,  as 
companies  such  as  Siemens,  Texa¬ 
co  Inc.  and  Hewlett-Packard  Co. 
“When  you’re  in  these  programs, 
you  actually  do  have  a  real  effect  on 
the  end  product,”  Tucker  said. 

Red  Dot’s  initial  TAP  experience 
was  restricted  to  the  use  of  a  cou¬ 
ple  machines  during  the  tail  end  of 


Normally,  a 
company  our 
size  doesn’t  have 
much  political  pull 
with  a  vendor.  This 
gave  us  a  little 
leverage. 

DAVID  CHACON.  TECHNICAL 
SERVICES  MANAGER,  PING 

the  testing  phase  for  Windows 
Server  2003,  after  a  third-party 
consulting  firm  recommended  the 
company  to  Microsoft.  The  maker 
of  heating  and  air  conditioning  sys¬ 
tems  enjoyed  the  program  so  much 
that  it  signed  on  early  for  the  TAP 
for  Windows  XP  Service  Pack  2. 

Tucker  said  Red  Dot  is  participat¬ 


ing  in  TAPs  for  Windows  Vista  and 
its  Network  Access  Protection  fea¬ 
ture.  The  company’s  IT  staff  is  start¬ 
ing  with  Vista  on  eight  to  10  ma¬ 
chines  but  plans  to  expand  the  rollout 
to  about  50  PCs  toward  the  end  of 
this  year  or  early  next  year,  when  the 
next  major  Vista  beta  arrives.  Within 
six  months  of  the  final  release,  Red 
Dot  expects  to  have  half  of  its  170 
workstations  on  Vista,  Tucker  added. 

Ping  Inc.,  a  Phoenix-based  golf 
equipment  manufacturer  that  has 
just  under  1,000  employees  and 
about  500  PCs,  joined  the  TAP 
process  for  Windows  Server  2003 
in  the  fourth  quarter  of  2002,  in 
connection  with  a  migration  from 
Novell  Inc.’s  NetWare  to  Windows 
for  file-and-print,  e-mail  and  appli¬ 
cation  servers. 

“Normally,  a  company  our  size 


doesn’t  have  much  political  pull 
with  a  vendor,"  said  David  Chacon, 
a  technical  services  manager  at 
Ping,  which  is  a  subsidiary  of 
Karsten  Manufacturing  Corp.  “This 
gave  us  a  little  leverage.” 

Chacon  noted  that  having  con¬ 
sultants  from  Microsoft  and  outside 
firms  on  hand  to  help  with  the  shift 
from  NetWare  Directory  Services  to 
Active  Directory  was  a  significant 
benefit,  as  Ping’s  IT  staff  worked  to 
gain  Windows  skills.  “Going  from 
NetWare  to  Windows  would  have 
been  a  huge  cost  for  us  to  bear  on 
our  own,”  he  said. 

But  although  Ping  will  consider 
participating  in  future  TAPs,  it  won’t 
be  rushing  to  join  the  Windows  Vista 
program.  “We  just  need  a  little  bit  of 
a  breather,”  Chacon  said.  “You  have 
to  analyze  the  opportunity  and  see 
how  it  fits  with  your  business  goals.” 

-  Carol  Sliwa 
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agree  to  with  Microsoft. 

“It  is  a  two-way  street,”  said 
Les  McCarter,  director  of  IT  in¬ 
frastructure  and  operations  at 
Hawaiian  Electric  Co.  “With 
each  new  release  of  the  beta 
software,  we  had  to  make  sure 
we  had  it  installed  on  x  number 
of  machines  —  not  just  test 
machines,  but  machines 
that  were  running  in  a  live 
environment.” 

The  Honolulu-based  power 
company  started 
deploying  Win¬ 
dows  XP  SP2 
within  its  IT  de¬ 
partment  as  part 
of  the  TAP 
process  and  later 
extended  the  test 
code  to  users  of  a 
representative 
sample  of  its  ap¬ 
plications,  as 
well  to  other  end 
users  who  were 
willing  to  try 
beta  software. 

McCarter  said 
that  despite  some 
concerns  about  running  beta 
code  on  live  systems,  Hawaiian 
Electric  was  anxious  to  get  the 
security-focused  SP2  release, 
which  it  wanted  to  deploy  si¬ 
multaneously  with  Office  2003 
to  its  1,500  end  users.  With 
each  new  release  of  the  SP2 
beta  code,  the  company  retest¬ 
ed  its  applications  to  make 
sure  they  remained  compati¬ 
ble.  At  one  point,  when  an  ap¬ 
plication  didn’t  run  well  with 
the  firewall  built  into  Win¬ 
dows  XP,  Microsoft  postponed 
the  release  of  a  public  beta  so 
it  could  fix  the  problem,  Mc¬ 
Carter  said. 

“My  technical  staff  was 
amazed  that  our  reported  prob¬ 
lem  contributed  to  a  publicly 
announced  postponement,”  he 
said.  “We  felt  we  made  a  mark 
on  the  final  XP  release.” 

McCarter  said  the  effort  was 
worth  it  for  this  particular  sce¬ 
nario,  but  he’s  not  sure  if  the 
utility  will  sign  up  for  another 
TAP.  “We  look  back  and  debate 
whether  we  would  do  it  again, 
because  it  did  require  a  fair 
amount  of  effort  on  our  side,” 
McCarter  said.  “If  you  commit 
to  this,  it  forces  you  to  dig  deep 
into  the  technology.  It’s  not 
something  to  take  on  lightly.” 


For  some,  the  extra  assistance 
is  tough  to  resist.  Gunnar 
Thaden,  CIO  at  Tuev  Nord 
Group  in  Hannover,  Germany, 
said  he  was  astonished  to  see 
Microsoft  essentially  copy  his 
company’s  40-server  installa¬ 
tion  at  its  Redmond,  Wash., 
campus  for  testing  of  SMS  2003. 

During  a  week’s  stay  there  as 
part  of  the  SMS  TAP,  Thaden 
worked  with  the  vendor’s  engi¬ 
neers  and  SMS  developers 

from  8:30  a.m.  to  10 
p.m.  and  saw  nu¬ 
merous  Microsoft 
employees  work 
one  night  from  10 
p.m.  to  4  a.m.  to  fix 
a  particularly  nag¬ 
ging  problem. 

Tuev  Nord,  a 
technical  services 
provider  with  a 
workforce  of  more 
than  7,000,  is  par¬ 
ticipating  in  TAPs 
for  Windows  Vista, 
SQL  Server  2005, 
Office  12  and  the 
Network  Access 
Protection  technology.  Thaden 
estimated  that  his  IT  staffers 
spend  an  average  of  15  hours 
per  week  on  TAP  activities. 

But  he  added  that  on  some 
days,  it  might  be  just  an  hour, 
while  on  others,  they  might 
devote  the  entire  workday  to 
the  testing  program,  he  said. 

Access  to  Labs 

Siemens  AG  has  been  involved 
in  more  than  80  TAPs  during 
the  past  seven  years  and  is 
currently  participating  in  a 
dozen.  The  electrical  and  elec¬ 
tronic  products  manufacturer 
wants  to  make  sure  that  any 
products  it  deploys  will  scale 
for  its  nearly  400,000  PCs 
worldwide,  said  John  Minnick, 
an  Alpharetta,  Ga.-based  enter¬ 
prise  architect  at  Siemens. 

Siemens  also  finds  it  impor¬ 
tant  to  have  access  to  Micro¬ 
soft’s  labs,  where  it  can  bring 
together  a  global  team  in  one 
spot,  Minnick  added.  “We’re 
driving  the  leading  edge,  not 
just  following  it.  That’s  the 
benefit  of  TAP,”  he  said. 

Minnick  noted  that  Siemens 
has  submitted  more  than  520 
design-change  requests  and 
bug  reports  to  Microsoft  as 
part  of  the  TAP  process.  In  ad¬ 


dition,  the  company’s  partici¬ 
pation  has  helped  it  make  deci¬ 
sions  about  product  deploy¬ 
ments.  For  example,  Minnick 
said,  Siemens  didn’t  deploy 
Exchange  Server  2000  because 
of  the  software’s  lack  of  dis¬ 
tributed  administration  capa¬ 
bilities.  It  also  had  scalability 
issues  with  Windows  2000. 

“If  it  wasn’t  for  the  partici¬ 
pation  in  TAP  programs,  we 
would  not  have  been  able  to 
explain  why  it  was  a  show- 
stopper  when  the  product  was 
released,”  Minnick  said. 

Denver  Health  and  Hospital 
Authority  Inc.  couldn’t  get  a 
scripting  tool  to  work  during  a 
four-week  TAP  that  included 
migrating  its  Microsoft  SNA 
gateway  servers  to  the  ven¬ 
dor’s  Virtual  Server  software. 
Microsoft  and  its  consulting 
partner,  Interlink  Group  Inc. 
in  Englewood,  Colo.,  couldn’t 
get  the  tool  to  work  either,  ac¬ 
cording  to  Michael  Brown,  a 
former  support  services  man¬ 
ager  at  Denver  Health  who 
recently  left  to  work  for  Sun 
Microsystems  Inc. 

The  Microsoft  utility  would 
have  eliminated  the  need  for 
the  not-for-profit  health  care 
provider  to  manually  build 
virtual  servers  on  a  one-by- 
one  basis.  Brown  said  Denver 
Health’s  IT  department  ulti¬ 
mately  opted  for  a  tool  from 
Toronto-based  PlateSpin  Ltd. 

Because  Brown  viewed  the 
scripting  tool  only  as  “the 
cherry  on  top,”  he  still  consid¬ 
ered  the  Virtual  Server  TAP  to 
be  a  success,  as  Denver  Health 
consolidated  14  physical 
servers  to  four.  The  company 
has  also  participated  in  TAPs 
for  Exchange  Server  2000  and 
Active  Directory  as  well  as 
SMS  2003,  he  said. 

But  users  shouldn’t  sign  up 
for  TAPs  without  giving  it  some 
thought,  Brown  cautioned. 
“You  have  to  make  sure  a  pro¬ 
gram  like  this  is  going  to  meet 
your  expectations,”  he  said. 
“You  have  to  go  in  with  a  very 
specific  reason.”  O  57875 


MORE  ONLINE 

Microsoft  exec  Jim  Allchin  says  changes  in 
the  Windows  engineering  process  have  led 
to  higher-quality  beta  software: 
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H  We  feel  like 
[Microsoft] 
will  not  let  us  fail. 


ROBERT  TAYLOR, 
CIO,  Fulton  County,  Ga. 


HOW  IT  WORKS 


Microsoft’s 

Technology 

Adoption 

Program 

PRODUCT  VALIDATION 

PURPOSE:  To  get  customer  input  about  products  throughout 
the  development  cycle.  The  programs  are  driven  by  Microsoft’s 
engineering  teams. 

USER  PARTICIPATION:  The  Windows  Vista  program  now 
includes  48  enterprise-class  users,  midsize  businesses  and 
resellers.  Microsoft  expects  to  add  30  to  40  small  to  medium- 
size  companies. 

REQUIREMENTS  FOR  PARTICIPANTS:  Work  with  Micro 
soft’s  product  teams  to  develop  deployment  plans;  provide 
feedback  on  products  and  bugs;  deploy  beta  releases  during 
agreed-upon  time  periods;  and  go  live  with.  Beta  2  and  Release 
Candidate  versions  for  agreed-upon  numbers  of  end  users. 

SELECTION  CRITERIA:  Microsoft  seeks  a  mix  of  users  to  under¬ 
stand  how  products  work  across  different  vertical  industries,  as 
well  as  a  blend  of  small,  midsize  and  large  companies,  international 
users,  systems  vendors  and  resellers.  The  depth  of  a  company’s 
internal  Microsoft  support  staff  is  considered,  as  is  its  relationship 
with  Microsoft  Consulting  Services.  Customer  business  scenarios 
also  are  taken  into  account. 

RAPID  DEPLOYMENT 

PURPOSE:  To  help  companies  deploy  products  and  collect 
feedback  about  the  challenges  they  encounter. 

USER  PARTICIPATION:  The  Windows  Vista  program  now  has 
500  users  worldwide  -  250  enterprise  companies  (more  than 
2,500  PCs),  150  midmarket  companies  (50  to  2,500  PCs)  and 
100  small  businesses  (fewer  than  50  PCs). 

REQUIREMENTS  FOR  PARTICIPANTS:  Enterprise  users 
must  deploy  products  on  100  seats  when  the  Release  Candi¬ 
date  version  ships  and  on  1,000  desktops  within  six  months  of 
the  software's  release  to  manufacturing.  Small  and  midsize 
companies  have  to  install  software  on  20%  to  30%  of  their 
seats  within  six  months  of  a  product’s  release  to  manufacturing. 

SELECTION  CRITERIA:  Users  are  nominated  by  Microsoft 
account  teams,  sales  representatives  or  business  partners. 
Nonenterprise  customers  can  also  apply  to  Microsoft  directly. 
The  vendor  considers  past  experience  with  TAPs  and  the  level 
of  customer  commitment  to  deploying  products. 
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Oracle  Beats  SAP 
For  Air  Force  Deal 

Oracle  Corp.  beat  out  SAP  AG 
and  other  vendors  to  win  a  multi¬ 
year,  S88.5  million  contract  with 
the  U.S.  Air  Force,  which  includes 
a  closely  watched  deal  to  build  a 
new  logistics  system.  The  new 
Expeditionary  Combat  Support 
System  is  intended  to  replace 
more  than  500  IT  systems  with 
an  integrated,  commercial  supply 
chain  management  system. 


MSN,  Office  Execs 
Resign  Posts . . . 

Hadi  Partovi,  general  manager  of 
the  MSN  portal,  and  Don  Gagne, 
director  of  development  for  Of¬ 
fice,  have  both  resigned  their 
posts  at  Microsoft  Corp.  Partovi, 
a  key  developer  in  an  MSN  incu¬ 
bation  project  called  Start.com,  is 
leaving  to  pursue  other  interests. 
Gagne  is  leaving  after  11  years  to 
pursue  his  hobby  of  racing  cars 
full  time. 


. . .  As  Microsoft 
Posts  Solid  Quarter 

Microsoft  said  its  first-quarter 
profit  rose  24%,  and  revenue  was 
up  6%.  The  company  said  its  core 
platform  software  -  including  SQL 
Server,  whose  sales  rose  15% 
over  the  past  year,  Exchange  and 
Windows  Server  -  were  solid  per¬ 
formers  in  the  quarter. 


VerlSlgrs,  ICANN 
Settle  Lawsuit 

VeriSign  Inc.  has  settled  a  lawsuit 
that  accused  the  internet  Corpo¬ 
ration  for  Assigned  Names  and 
Numbers  of  delaying  new  domain- 
name  services.  VeriSign,  which 
manages  the  .com  and  .net  do¬ 
mains,  had  accused  ICANN  of 
overstepping  its  authority  by 
dragging  its  feet  in  letting  Veri- 
Sign  offer  new  services.  (See  also 
Frankly  Speaking,  page  54.) 
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Rewrite  the  Rules 
About  Writing . . . 

. . .  business  rules.  The  first  new  rule?  Get  IT  out  of  the 
equation.  That’s  what  David  Straus  suggests.  Straus  is 
senior  vice  president  of  sales  and  marketing  at  San 
Mateo,  Calif. -based  Corticon  Technologies  Inc., 
which  develops  an  array  of  software  designed  to  let 


business 
analysts  and 
managers 
turn  their 
own  business 
rules  into 
executable 
code.  Ac¬ 
cording  to 
Straus,  “any¬ 
one  with  a 
logical  mind” 
can  use  Cor- 
ticon’s  Rules  Modeling  Studio 
tool.  He  says  a  business  rule 
consists  of  a  condition  and  its 
values,  plus  an  action  and  its 
values.  End  users  point  and 
click  their  way  through  the 
software  and  use  everyday 
English  to  complete  the  form 
that  creates  the  rules.  Once 
they’re  happy  with  a  new 
rule,  they  compile  the  code 
and  test  it  for  logic  flaws. 
Corticon’s  software  checks  all 
the  possible  combinations  of 
conditions  and  actions  in  the 
rule.  By  the  end  of  November, 
the  company  plans  to  add  an 
Analysis  Server  to  its  product 
line.  The  new  software  can  be 
used  to  create  what-if  scenar¬ 


ios  prior  to  building  business 
rules.  Pricing  varies  based  on 
the  implementation,  but 
Straus  says  an  average  value 
of  a  Corticon  sale  is  about 
$25,000  for  15  seats. 

Shed  some  light  on 
the  state  of  your . . . 

...  IT  development  projects. 

Lighthouse,  a  new  service 
from  Artifact  Network  Inc.  in 
Baltimore,  monitors  IT  proj¬ 
ects  and  gives  CIOs,  project 
managers,  tech  staffers  and 
other  corporate  execs  user- 
specific  dashboard  views  of 
everything  from  milestones 
achieved  (or  not)  to  how  far 
along  you  are  on  defect  reme- 
|  diation.  Artifact  CEO  Mark 
Wesker 
likens  Light¬ 
house  to  “an 
early  warn¬ 
ing  system” 
for  troubled 
projects. 
Budget- 
minded  man¬ 
agers  might 
get  warnings 
about  project 


|  costs,  while  development 
managers  will  be  notified 
about  bug-fix  rates.  By  click¬ 
ing  on  the  red  warning  but¬ 
tons,  you  can  drill  down  to 
the  specifics  of  the  crisis  at 
hand.  The  service  integrates 
with  Microsoft  Project.  Arti¬ 
fact  is  developing  a  Web  ser¬ 
vices  interface  and  will  add 
custom  reporting  functions  to 
a  version  of  Lighthouse  that’s 
supposed  to  be  ready  early 
next  year.  Subscription 
pricing  varies  by  user,  but 
an  unlimited-projects  and 
unlimited-users  option 
runs  $2,500  per  month. 

Revenge  tool  from 
Microsoft  gives  you . . . 

...  the  power  to  make  its  devel¬ 
opers  feel  your  pain.  Called 
WSYP  (for  “we  share  your 
j  pain”)  and  created  by  Micro¬ 
soft  Corp.’s  U.K.  branch,  the 
new  tool  lets  you  enact  some 
justice  upon  specific  Micro¬ 
soft  developers  whose  pro¬ 
gramming  flaws  have  caused 
you  headaches.  Microsoft  has 
created  an  instructional  video 
on  how  WSYP  works,  and  it’s 
worthy  of  everyone’s 
attention.  (Go  to 
www.microsoft.com/ 
uk/technet/ 
itsshowtime/ 
sessionh.aspx? 
videoid-9999,  then 
click  on  the  “See  a 
preview”  link.)  WSYP 
is  an  excellent  model 
that  other  software  vendors 
should  emulate  —  if  not  with 
a  similar  tool,  then  at  least 
with,  shall  we  say,  the  same 
attitude. 

Mac  Mini  gets  a 
PC  cousin  for . . . 

. . .  Windows  and  Linux.  The 

Mini  PC  from  AOpen  Ameri¬ 
ca  Inc.  in  San  Jose  is  due  to 
reach  retail  shelves  in  late 
November.  The  device,  which 
is  6.5  in.  square  and  less  than 
2  in.  high,  will  come  with  a 
Celeron  processor,  two  USB 
ports,  an  Ethernet  link,  built- 
in  wireless  networking,  a  CD- 


ROM  drive  and  a  DVD  burn¬ 
er.  The  system  also  can  be 
configured  with  up  to  120GB 
of  storage  and  1GB  of  RAM. 
According  to  Chris  Liu,  vice 
president  of  product  market¬ 
ing  at  AOpen,  the  little  PC 
wall  appeal  to  business  users 
who  need  systems  to  run 
kiosks  or  digital  signage.  Liu 
says  a  Linux  model  will  retail 
for  $399,  while  a  Windows 
version  will  cost  $499.  The 
monitor,  mouse  and  keyboard 
are  sold  separately,  of  course. 

The  best  BitDefender 
beta  tester  can  give . . . 

. . .  his  liver  a  workout  with  the 
prize:  1,000  German  beers.  You 

could  win  after  putting  the 
beta  version  of  an  upgrade 
of  Softwin  SRL’s  Bit- 
Defender  Mail  Protec¬ 
tion  for  Enterprises 
through  its  paces.  The 
Bucharest,  Romania- 
based  maker  of  anti¬ 
virus  software  for  Lin¬ 
ux  has  posted  a  few 
simple  rules  for  the 
contest,  which  ends 
Jan.  15.  Testers  register  online 
and  post  bugs  that  they  find 
to  the  beta-test  mailing  list. 
Softwin’s  developers  then  re¬ 
view  the  found  flaws,  and  the 
company’s  judges  rate  the 
number  and  severity  of  the 
bugs  to  determine  the  winner. 
Oh,  and  in  addition  to  drink¬ 
ing  Bitburger  or  Beck’s  to 
your  heart’s  content  and  liv¬ 
er’s  distress,  you’ll  also  win 
a  trip  to  Romania  —  where, 
Softwin  claims,  you’ll  get  to 
meet  Count  Dracula.  How¬ 
ever,  your  blood-alcohol 
level  might  scare  him  away. 

©  57840 


STRAUS: 

Get  IT  out  of 
business-rule¬ 
writing 
business. 
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Number  of 
Microsoft 
developers 
“ejected”  via 
WSYP. 
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Unisys  Maps  Possible  Shift  of 
Its  Mainframes  to  Intel  Chips 


Joint  development  deal  with  NEC  sets 
stage  for  move  from  proprietary  CPUs 


BY  PATRICK  THIBODEAU 

UNISYS  CORP.  is 
putting  all  of  its 
mainframes  on  an 
Intel  hardware  path 
and  ultimately  may  end  the 
use  of  its  internally  developed 
CMOS  processors. 

The  potential  shift  of  the 
full  ClearPath  mainframe  line 
to  Intel  Corp.’s  CPUs  stems 
from  a  joint  development 
agreement  that  Unisys  an¬ 
nounced  last  week  with  NEC 
Corp.  for  high-end  servers. 

But  there  aren’t  any  specific 
development  plans  yet,  and  a 
Unisys  spokesman  described 
the  interest  in  Intel  processors 
on  ClearPath  as  “directional” 
—  not  carved  in  stone. 

The  partnership  with  NEC 
came  one  week  after  Unisys 
posted  a  preliminary  third- 
quarter  loss  of  $54.3  million 
and  disclosed  plans  to  cut  its 
36,000-person  workforce  by 
10%  over  the  next  year. 

The  Blue  Bell,  Pa.-based 
company  also  said  it  would 
focus  resources  on  high- 
growth  technology  markets 
while  continuing  to  invest  in 
operating  systems  and  soft¬ 
ware  development  for  Clear¬ 
Path  and  its  ES7000  server  line. 

Growing  Stronger 

Greg  Schweizer,  a  systems 
administrator  and  Unisys 
mainframe  user  at  Oregonian 
Publishing  Co.  in  Portland, 
Ore.,  said  any  move  by  the 
vendor  away  from  hardware 
development,  combined  with 
an  increased  focus  on  soft¬ 
ware  and  services,  “should 
make  Unisys  stronger.” 

Schweizer  also  said  he 
may  be  able  to  save  money  if 
Unisys  lets  users  move  its  OS 
2200  mainframe  operating 
system  to  servers  based  on 
commodity  prot .  ssors. 

Road  maps  derailing  the 
product  development  plans 


with  NEC  won’t  be  available 
until  the  two  companies  final¬ 
ize  their  agreement  in  the  first 
quarter  of  2006,  said  Unisys 
spokesman  Guy  Esnouf. 

A  migration  away  from  the 
CMOS  processors  will  depend 
on  Intel’s  ability  to  at  least 
match  their  performance,  ac¬ 
cording  to  Esnouf.  He  added 
that  regardless  of  what  deci¬ 
sion  is  made  on  the  hardware, 
Unisys  will  continue  to  devel¬ 
op  and  support  OS  2200  and 
MCP,  its  other  mainframe  op¬ 


erating  system.  Some  Clear¬ 
Path  models  with  MCP  al¬ 
ready  can  run  on  Intel  chips 
(see  box). 

“Obviously,  we’re  not  going 
to  do  anything  until  we’re  hap¬ 
py  that  the  Intel  processor 
technology  is  where  it  needs 
to  be,”  Esnouf  said.  “In  time, 
we  would  plan  that  ClearPath 
would  run  on  Intel  rather  than 
on  the  current  CMOS.  But 
we’re  not  going  there  now.” 

Esnouf  also  said  that  if  users 
want  to  stay  on  the  CMOS 
hardware  in  the  future,  “that’s 
where  they  will  stay.  We’re  not 
going  to  try  to  force  them  off.” 

Marian  Ritland,  develop- 


Technology 

Details 

Unisys  offers  two  lines  of 
mainframes  as  part  of  its 
ClearPath  family. 

Runs 

the  OS  2200  operating  system 
and  uses  proprietary  CMOS 
processors  on  all  models. 

'  T  Runs 

the  MCP  operating  system  and 
uses  CMOS  processors  on  high- 
end  machines.  Unisys  offers  a 
choice  of  CMOS  and  Intel  CPUs 
on  midrange  models  but  only  In¬ 
tel  devices  on  low-end  systems. 


Airport  Builds  Big  Wi-Fi  Network, 
Signs  Up  Rival  Access  Vendors 

Atlanta  facility 
adds  cell  towers, 
operations  center 


BY  MATT  HAMBLEN 

Atlanta’s  international  airport 
last  week  launched  a  large 
Wi-Fi  hot  spot  that  gives  trav¬ 
elers  a  choice  among  several 
competing  wireless  Internet 
access  services  and  is  part  of  a 
wider  upgrade  of  the  facility’s 
network  infrastructure. 

Hartsfield-Iackson  Atlanta 
International  Airport  is  the 
first  airport  in  the  U.S.  to  offer 
Wi-Fi  services  from  rival  out¬ 
side  vendors,  CIO  Lance  Lyttle 
claimed.  The  competition  has 
already  brought  prices  down, 
he  said. 

For  example,  before  the  offi¬ 
cial  launch,  Boingo  Wireless 
Inc.  had  been  offering  one-day 
Wi-Fi  access  to  users  for  $9.95. 
When  rival  Concourse  Com¬ 
munications  Group  LLC  of¬ 
fered  a  daily  price  of  $7.95, 
Boingo  cut  its  rate  to  two  days 
for  $9.95,  Lyttle  said. 

In  addition  to  installing  the 
Wi-Fi  network,  the  IT  staff 


at  Hartsfield-Jackson  has 
added  cell  towers  to  support 
both  voice  calls  and  users 
who  have  purchased  laptop 
cards  for  wireless  broadband 
data  access  instead  of  Wi-Fi 
connections. 

But  the  availability  of  more 
choices  could  add  to  the  bur¬ 
den  on  IT  managers  who  sup¬ 
port  e-mail  and  Internet  con¬ 
nectivity  for  business  travelers 
and  who  should  be  monitoring 
their  remote  connections  to 
keep  costs  from  getting  out  of 
hand,  said  Ken  Dulaney,  an  an- 
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HARTSFIELD-JACKSON  says 
that  it’s  the  first  airport  to  offer 
Wi-Fi  services  from  competing 
outside  vendors. 


PHOTO  COURTESY  OF  HARTSFIELD-JACKSON 
ATLANTA  INTERNATIONAL  AIRPORT 


alyst  at  Gartner  Inc. 

“A  big  issue,  in  my  opinion, 
is  how  enterprises  will  control 
costs  in  light  of  all  these  op¬ 
tions,”  Dulaney  said. 

He  added  that  to  help  keep 
costs  down,  companies  must 
create  profiles  of  different 
user  types,  allocate  money  to 
support  each  type  of  user  and 
track  what  is  spent  on  each  ac¬ 
cess  method. 

The  Wi-Fi  network  in  At¬ 
lanta  has  150  access  points  cov¬ 
ering  all  5.8  million  square  feet 
of  terminals  and  nearby  areas, 
Lyttle  said.  Cisco  Systems  Inc. 
provided  the  equipment  for  the 
network,  which  cost  about  $1.5 
million  to  build. 

Other  Improvements 

Combined  with  other  network 
improvements,  including  the 
addition  of  the  cell  towers  and 
a  new  network  operations 
center,  the  airport  is  spending 
a  total  of  about  $4.5  million, 
according  to  Lyttle. 

Some  airlines  already  have 
their  own  Wi-Fi  hot  spots  that 
work  only  near  their  gates  at 
the  airport,  Lyttle  said.  The 


ment  and  operations  manager 
at  the  University  of  Wiscon- 
sin-Eau  Claire,  runs  an  MCP- 
based  ClearPath  mainframe 
that’s  powered  by  Intel  chips. 
She  said  it  has  been  obvious  to 
users  that  Unisys  is  heading 
toward  a  single  hardware  plat¬ 
form  for  its  mainframes. 

But  Ritland,  who  is  also 
chairwoman  of  the  Unite  Inc. 
Unisys  user  group  in  St.  Clair 
Shores,  Minn.,  said  the  vendor 
is  moving  cautiously  and  giv¬ 
ing  users  a  choice  of  technolo¬ 
gies  “at  a  pace  that  allows  peo¬ 
ple  to  pick  and  choose.” 

Because  the  CMOS-based 
mainframes  are  “a  legacy  and 
presumably  shrinking  market 
opportunity,  it’s  hard  to  see 
Unisys  being  able  to  justify 
continued  processor  develop¬ 
ment  there,”  said  Gordon  Haff, 
an  analyst  at  Illuminata  Inc.  in 
Nashua,  N.H.  ©  57868 


airportwide  network  was  de¬ 
signed  not  to  interfere  with 
the  existing  ones,  he  noted. 

Lyttle  said  that  about  21,000 
users  have  signed  up  for  Wi-Fi 
services  at  the  airport  since 
early  September,  when  the 
network  began  operating  on 
a  trial  basis. 

The  three  Wi-Fi  providers 
are  Santa  Monica,  Calif. -based 
Boingo,  Chicago-based  Con¬ 
course  and  Sprint  Nextel 
Corp.  Each  has  a  contract  with 
the  airport  authority,  which 
owns  the  network. 

Internet  access  via  Wi-Fi 
will  be  enhanced  by  a  fiber¬ 
optic  backbone  that  was  in¬ 
stalled  in  an  earlier  phase  of 
the  project,  Lyttle  said.  He 
added  that  the  network  is  de¬ 
signed  to  eventually  support 
voice  over  Wi-Fi  and  that  air¬ 
port  officials  are  assessing  the 
needs  of  business  travelers  for 
that  technology. 

In  addition  to  public  Wi-Fi 
services,  Hartsfield-Jackson 
is  offering  separate  access  to 
about  800  airport  workers  for 
daily  business  operations  and 
to  concessions  and  public- 
safety  employees,  Lyttle  said. 
Voice  and  video  communica¬ 
tions  over  Wi-Fi  are  expected 
to  be  important  applications 
for  public  safety,  he  noted. 

©  57839 
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Industry  Vets  Unveil 
Company,  New  Chip 

At  ln-Stat’s  Fall  Processor  Forum, 
a  group  of  chip  industry  veterans 
announced  a  new  company  and 
a  low-power  dual-core  chip  based 
on  IBM’s  Power  architecture.  The 
founders  of  2-year-old  PA  Semi 
Inc.  include  Dan  Dobberpuhl,  a 
lead  architect  of  the  Alpha  and 
StrongARM  processors.  The  first 
chip  in  the  PWRficient  family  is 
the  PA6T-1682M. 


CA  Posts  Quarterly 
Sales,  Profit  Gains 

Computer  Associates  Interna¬ 
tional  Inc.  reported  increases  in 
second-quarter  sales  and  profits, 
which  CEO  John  Swainson  called 
a  solid  sign  of  the  work  CA’s  new 
management  team  is  doing  to 
strengthen  the  battered  company. 


Microsoft  Unveils  Bl 
Tools  for  Office  12 

Microsoft  Corp.  has  unveiled  a 
host  of  business  intelligence  fea¬ 
tures  for  the  Excel  and  SharePoint 
components  of  the  next  version  of 
Microsoft  Office,  code-named  Of¬ 
fice  12.  The  Bl  updates,  which  in¬ 
clude  integration  with  SQL  Server 
2005,  are  part  of  an  effort  to  posi¬ 
tion  the  software  as  more  than  just 
a  productivity  suite.  Office  12  is 
expected  to  ship  next  year. 


Intel  Changes  Plans 
For  Server  Chips 

Intel  Corp.  has  made  several 
changes  to  its  road  map  for  serv¬ 
er  processors.  The  chip  maker 
has  delayed  the  release  of  its  first 
dual-core  Itanium  2  processor 
until  mid~20G6  and  is  replacing  a 
planned  rmsltieore  Xeon  processor 
with  a  design  that  eliminates  the 
performance  penalty  of  shared 
connections  to  a  chip  set.  The 
company  also  has  kliied  White- 
field,  a  multicore  '  r;  processor. 


NEWS 


Informatica  Plans  Upgrade, 
Looks  for  Edge  Over  IBM 


Blends  data  integration  tools  into  single 
suite;  shipments  aren’t  due  until  April 


BY  ERIC  LAI 

NFORMATICA  CORP.  claims 
that  the  features  in  its  up¬ 
coming  PowerCenter  8 
data  integration  software 
trump  those  offered  by  its  top 
competitor,  IBM  —  a  con¬ 
tention  that  IBM  took  issue 
with  last  week. 

Users  and  analysts  said  the 
truth  lies  somewhere  in  the 
middle,  depending  on  whether 
an  IT  organization  needs  the 
lighter,  all-in-one  functionality 
being  promised  by  Informati¬ 
ca  or  the  heavier  but  more 
robust  tools  that  IBM  sells. 

“Informatica  is  more  like  a 
Swiss  Army  Knife,  and  IBM  is 
more  like  a  toolbox,”  said  Eric 
Rogge,  an  analyst  at  Ventana 
Research  Inc.  in  San  Mateo, 
Calif.  “If  you’re  going  on  a 


hike,  you  may  not  want  to  lug 
around  a  heavy  toolbox.  But  if 
you’re  building  a  house,  you 
wouldn’t  want  to  use  a  Swiss 
Army  Knife.” 

Redwood  City,  Calif.-based 
Informatica  and  IBM’s  infor¬ 
mation  integration  division  — 
which  was  bolstered  in  April 
when  IBM  bought  Ascential 
Software  Corp.  for  $1.1  billion 
—  are  battling  for  supremacy 
in  the  growing  market  for  data 
integration  software. 

Feature  Claims 

Informatica  plans  to  announce 
Version  8  of  PowerCenter  this 
week,  although  it  isn’t  due  for 
general  release  until  April.  It 
will  be  available  by  year’s  end 
on  a  limited  basis. 

Ivan  Chong,  vice  president 


of  product  marketing  at  Infor¬ 
matica,  said  PowerCenter  8 
will  be  the  first  product  of  its 
kind  to  offer  users  a  seamless¬ 
ly  integrated  platform.  Fea¬ 
tures  include  the  ability  to  “fed¬ 
erate”  historical  information 
in  data  warehouses  with  real¬ 
time  transaction  data,  he  said. 

Mark  Register,  chief  market¬ 
ing  officer  at  IBM’s  integration 
division,  retorted  that  his 
unit’s  family  of  software  tops 
Informatica’s  products  on  the 
strength  of  its  features,  despite 
the  fact  that  PowerCenter  8  has 
a  so-called  push-down  opti¬ 
mization  feature  that  allows 
data  transformations  to  be 
done  within  a  database.  IBM 
hasn’t  seen  much  demand  for 
that  capability,  Register  said. 

IBM  is  beta-testing  a  com¬ 
bined  version  of  the  IBM  and 
Ascential  integration  tools  in 
an  initiative  known  as  Project 


Air  Force,  DOD  Set  to  Link 
Web  Services  Registries 


BY  HEATHER  HAVENSTEIN 

The  U.S.  Air  Force  and  U.S. 
Department  of  Defense  plan 
to  merge  part  of  their  Web 
services  registries  to  allow 
the  sharing  of  such  services 
throughout  the  military. 

In  recent  months,  the  pro¬ 
gram  office  charged  with  inte¬ 
grating  all  Air  Force  combat 
support  systems,  the  Global 
Combat  Support  System-Air 
Force  Team  (GCSS),  has  been 
using  registry  technology  to 
catalog  its  growing  stable  of 
Web  services. 

Six  months  ago,  the  GCSS 
launched  the  Core  Discovery 
Service,  which  is  based  on  reg¬ 
istry  technology  from  Systinet 
Corp.  in  Burlington,  Mass.,  to 
let  users  access  Web  services 
and  other  enterprise  services. 

Officials  are  also  using  the 
system,  the  first  production 
discovery  service  used  by  the 
U.S.  military,  to  promote  the 


use  of  the  Web  services  and  to 
help  whittle  down  the  number 
of  disparate  combat  support 
systems  and  data  sources  cur¬ 
rently  in  place. 

Over  the  next  month,  the 
GCSS  plans  to  integrate  the 
Core  Discovery  Service  with  a 
pilot  discovery  service,  also 
based  on  Systinet  technology, 
created  by  the  Defense  De¬ 
partment.  This  integrated  sys¬ 
tem  will  let  users  from  all  mil¬ 
itary  branches  access  GCSS 
Web  services. 

The  GCSS  also  is  using  its 
discovery  service  to  help  con¬ 
solidate  multiple  databases, 
data  warehouses  and  analytic 
tools  used  for  combat  systems, 
said  Lt.  Col.  Joe  Besselman, 
program  manager  for  the  Air 
Force  GCSS. 

The  GCSS  program  was 
launched  nine  years  ago  to 
consolidate  600  systems,  in¬ 
cluding  many  redundant  data¬ 


bases,  Besselman  said.  The 
GCSS  has  so  far  cut  that  num¬ 
ber  to  150  systems  and  plans  to 
further  cut  the  total  to  120  by 
2010,  he  said. 

“Our  goal  is  to  eliminate  the 
silos  —  the  duplicating  ware¬ 
houses  and  data  marts  — 
wherever  possible,”  Bessel¬ 
man  said. 

For  example,  the  GCSS  is 
using  registry  technology  to 
build  an  enterprise  data  ware¬ 
house,  which  will  help  elimi¬ 
nate  multiple  analytic  tools 
and  mini  data  warehouses  that 
were  custom-built  in  various 
Air  Force  departments. 

The  Air  Force  GCSS  pro- 


HOur  goal  is 
to  eliminate 
the  silos  -  the  dupli¬ 
cating  warehouses 
and  data  marts  - 
wherever  possible. 

LT.  COL.  JOE  BESSELMAN, 

PROGRAM  MANAGER,  AIR  FORCE  GCSS 
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Hawk.  The  software  is  sched¬ 
uled  to  be  released  next  year, 
said  an  IBM  spokeswoman 
who  wouldn’t  disclose  a  more 
specific  shipment  date. 

Ace  Hardware  Corp.  began 
using  Informatica’s  software 
four  years  ago  for  basic  ex¬ 
tract,  transform  and  load  jobs 
on  batch  data,  said  Mark 
Cothran,  a  data  warehouse 
architect  at  the  Oak  Brook, 
Ill.-based  retailer  and  a  Power- 
Center  8  beta  tester.  Now  the 
5,000-store  cooperative  uses 
PowerCenter  to  translate  or¬ 
ders  from  an  e-commerce  ser¬ 
vice  provider  into  a  DB2  data¬ 
base  format  in  near  real  time, 
said  Cothran.  Even  though 
Ace  primarily  runs  IBM  sys¬ 
tems,  he  said  IBM  hasn’t  asked 
him  to  switch  to  its  data  inte¬ 
gration  software.  “I  haven’t, 
and  I  wouldn’t,”  Cothran  said. 

In  contrast,  Atique  Shah,  ex¬ 
ecutive  vice  president  of  CRM 
at  Churchill  Downs  Inc.,  home 
of  the  Kentucky  Derby,  said  he 
chose  Ascential’s  DataStage 
software  18  months  ago  in  a 
bake-off  that  included  Infor¬ 
matica’s  tools.  O  57871 


gram  has  so  far  standardized 
on  data  warehouse  technology 
from  NCR  Corp.’s  Teradata 
unit,  Microsoft  Corp.’s  SQL 
server  database,  Business  Ob¬ 
jects  SA’s  reporting  tools  and 
Cognos  Corp.’s  analytic  tools. 

Since  building  the  discovery 
service,  the  program  has  been 
able  to  provide  near-real-time 
status  reports  for  any  aircraft 
globally  by  fusing  data  views 
from  flight  line,  maintenance 
and  supply  systems  in  the  en¬ 
terprise  data  warehouse, 
Besselman  added. 

Anne  Thomas  Manes,  an 
analyst  at  Burton  Group  in 
Midvale,  Utah,  said  corpo¬ 
rate  IT  operations  are  also 
beginning  to  use  registries  to 
manage  Web  services,  data 
sources,  data  feeds,  reports 
and  metadata. 

“A  registry  also  provides  a 
foundation  for  management 
and  governance,  [and]  compa¬ 
nies  can  use  the  registration 
process  to  verify  that  services 
meet  certain  criteria  required 
before  promoting  into  produc¬ 
tion,”  she  added.  O  57865 


NETWORK 

The  largest  and  fastest 
national  wireless  data  network. 
The  largest  U.S.  provider  on 
the  global  standard. 


EXPERTISE 

Our  people  and  partners 
make  wireless  work  for 
more  businesses  than  any 
other  wireless  carrier. 


APPLICATIONS 

The  broadest  and  deepest 
portfolio  of  wireless 
business  solutions. 


SERVICE 

24/7  enterprise-grade 
support.  And  a  service 
staff  dedicated  solely 
to  business  people. 


right  now 


runninq  at 


keeps  adidas® 
full  speed. 


Only  Cingular  gives  adidas 
sales  representatives  instant 
access  to  account  histories 
and  customer  data.  Thanks  to 
Cingular's  ALLOVER "  network, 
the  largest  digital  voice  and 
data  network  in  America, 
adidas  field  representatives 
can  check  inventory,  place 
online  orders,  and  send  data  securely  from  almost  anywhere 
in  the  country.  The  result?  Increased  sales  and  decreased 
marketing  costs.  In  the  race  to  become  the  global  sporting 
goods  leader,  Cingular  gives  adidas  the  competitive  edge. 


CINGULAR  MAKES  BUSINESS  RUN  BETTER 


^  cingular 

raising  the  barr-iill 


Find  out  how  Cingular  can  make  your  business  run  better: 

Call  1 -866-4CWS-B2B  Call  your  account  representative  Clickcingular.com/businessleader 


Cingular’s  ALLOVER™  data  network  covers  over  250  million  people  and  is  growing.  Coverage  is  not  available  in  all  areas.  Global  coverage  based  on  coverage  in  174  countries.  Fastest  claim  compares  Cingular's  measured  speed  of  its  EDGE  network  to  other  carriers’  speed  claims  ft 
their  national  data  networks.  All  marks  property  of  their  respective  owners.  ©2005  Cingular  Wireless.  All  rights  reserved. 


14  COMPUTERWORLD  October  31, 2005 


NEWS 


www.computerworld.com 


An  International 
IT  News  Digest 


Extortion  Viruses  Target 
Systems  in  Russia  Again 

LONDON 

Two  new  versions  of  a  virus  that 
was  first  reported  in  May  are  be¬ 
ing  used  to  stage  renewed  attacks 
against  computers  in  Russia,  security 
researchers  said  last  week.  The  viruses 
encrypt  files,  and  their  authors  attempt 
to  extort  money  from  victims  in  return 
for  decoding  the  data. 

The  viruses,  called  JuNy.A  and 
JuNy.B,  search  for  more  than  100  file 
types  by  extension,  according  to  a 
warning  issued  by  San  Diego-based 
Websense  Inc.  The  renewed  attacks 
were  first  reported  on 
a  blog  published  by 
Kaspersky  Lab  in 
Moscow. 

So  far,  the  distribution 
of  the  new  viruses  ap¬ 
pears  to  be  limited  to  Rus¬ 
sia.  They’re  similar  to  the 
so-called  gpcode  virus 
that  struck  that  country 
in  May,  said  David  Emm,  a 
senior  technology  consul¬ 
tant  at  Kaspersky’s  office 
in  Abingdon,  England. 

Emm  said  it’s  suspected 
that  the  viruses  enter  a 
computer  after  a  user 
visits  a  certain  Web  site, 


either  by  exploiting  a  vulnerability  on 
the  system  or  activating  after  the  user 
runs  executable  code  containing  the 
viruses. 

■  JEREMY  KIRK,  ID6  NEWS  SERVICE 


African  Agency  Urges 
Open-Source  Adoption 

LUSAKA,  ZAMBIA 

he  new  Partnership  for  Africa’s 
Development  (NEPAD)  is  urging 
African  governments  to  embrace 
open-source  software  for  their  systems 
in  a  bid  to  encourage  indigenous  soft¬ 
ware  development  projects. 

While  there  have  been  some  open- 
source  initiatives  on  the 
continent,  including  the 
Impi  Linux  project  in 
South  Africa,  such  tech¬ 
nologies  aren’t  widely 
used,  according  to  Abel 
Chambeshi,  Zambia’s 
minister  of  transport  and 
communications. 

Chambeshi,  who  spoke 
at  an  international  work¬ 
shop  on  free  and  open- 
source  software  here 
last  week,  said  that  the 
NEPAD  has  issued  guide¬ 
lines  on  open-source  us¬ 
age  as  part  of  its  effort 
to  help  boost  adoption. 


GLOBAL  FACT 


Projected  growth  in 
R&D  spending  this 
year  by  South  Korean 
companies,  led  by  high’ 
tech  firms  Samsung 
Electronics  Co.  and  LG 
Electronics  Inc.,  as  well 
as  Hyundai  Motor  Co. 
The  growth  rate  is  the 
highest  worldwide. 

Source:  The  U.K.  Depart¬ 
ment  of  Trade  and  Industry 


The  NEPAD,  based  in  Johannesburg, 
South  Africa,  is  chartered  to  finance 
economic  development  projects  in 
Africa  and  has  been  trying  to  spur 
improvements  in  the  continent’s  IT 
infrastructures. 

■  MICHAEL  MALAKATA,  IDG  NEWS  SERVICE 


Munich’s  Vendors  Slow 
To  Migrate  Apps  to  Linux 

MUNICH 

HE  migration  of  some  300  busi¬ 
ness  applications  from  Windows 
to  Linux  is  among  the  top  chal¬ 
lenges  facing  the  city  of  Munich  as  it 
embarks  on  one  of  the  largest  public- 
sector  open-source  projects  in  Europe 
to  date. 

“We  knew  from  the  start  that  migrat¬ 
ing  our  many  city  administration- 
specific  applications  would  not  be 
easy.  And  it  isn’t,  frankly,”  said  Florian 
Schiessl,  one  of  the  managers  of  the 
city’s  Linux  migration  project.  The 
project,  called  LiMux,  will  deploy 
Linux  on  14,000  PCs. 

Schiessl  declined  to  say  how  many 
applications  have  been  migrated.  He 
said  that  one-third  of  the  city’s  soft¬ 
ware  suppliers  have  a  migration  path 
and  another  one-third  claim  they  are 
working  to  create  one.  The  rest  of  the 
vendors  have  remained  mum,  accord¬ 
ing  to  Schiessl.  “Our  goal  is  to  have 
80%  of  our  applications  migrated  by 
2008,”  he  added.  ©  57843 
■  JOHN  BLAU,  IDG  NEWS  SERVICE 


Compiled  by  Mike  Bucken. 


Briefly  Noted 

LM  Ericsson  Telephone  Co.  in 
Stockholm  last  week  agreed  to  buy 
parts  of  Marconi  Corp.  for  £1.2  bil¬ 
lion  ($2.1  billion  U.S.).  As  part  of 
the  deal,  Ericsson  gets  the  Marconi 
brand  along  with  the  Coventry, 
England-based  vendor’s  optical 
networking,  broadband  access 
and  softswitch  products,  as  well 
as  its  research  and  development 
operations. 

■  NANCY  G0HRING,  IDG  NEWS  SERVICE 


Advanced  Micro  Devices  Inc.  has 
licensed  the  core  technology  in  its 
Geode  microprocessor  to  Beijing 
University  and  China’s  Ministry  of 
Science  and  Technology.  The  two 
organizations  plan  to  use  the  tech¬ 
nology  to  develop  low-power  and 
embedded  processors  for  consumer 
and  commercial  applications. 

■  SUMNER  LEMON,  IDG  NEWS  SERVICE 


The  Office  of  the  U.S.  Trade  Rep¬ 
resentative  has  launched  an  inves¬ 
tigation  through  the  World  Trade 
Organization  to  obtain  information 
on  China’s  procedures  for  enforcing 
intellectual  property  rights.  The 
move,  which  stops  short  of  a  formal 
complaint,  is  aimed  at  pressuring 
Chinese  officials  to  step  up  efforts 
to  fight  software  piracy. 

■  STACEY  COWLEY,  IDG  NEWS  SERVICE 


Skype  Flaws  Prompt  Warnings 


Peer-to-peer  VoIP 
software  could 
pose  dangers  to  IT 

BY  JAIKUMAR  VIJAYAN 

The  growing  use  of  free  Inter¬ 
net  telephony  software  from 
Skype  Technologies  SA  could 
soon  create  the  same  security 
challenges  posed  by  other 
peer-to-peer  technologies,  say 
security  experts. 

The  warnings  come  after  last 
week’s  disclosure  of  two  criti¬ 
cal  flaws  in  Skype’s  software, 
one  of  which  could  allow  ma¬ 
licious  hackers  to  take  control 
of  compromised  systems.  Fix¬ 
es  for  both  problems  have  been 
released,  the  ci  •  ;  :ny  said. 


Skype,  which  eBay  Inc.  ac¬ 
quired  last  year  in  a  $2.6  bil¬ 
lion  deal,  offers  downloadable 
software  that  lets  PC  users 
make  free  Internet  telephone 
calls  to  one  another  and  low- 
cost  calls  to  telephone  users. 

Luxembourg-based  Skype 
claims  more  than  61  million 
registered  users.  About  30%  of 
that  total  use  the  software  for 
business  purposes,  it  said. 

Andreas  Wuchner-Bruhl, 
head  of  global  IT  security  at 
Novartis  Pharma  AG  in  Basel, 
Switzerland,  cited  two  prob¬ 
lems  created  by  the  spread  of 
Skype  in  corporate  settings. 

“The  major  one  is  around 
availability,”  he  said.  “Skype 
can  use  a  lot  of  network  band¬ 


width,  which  may  interfere 
with  business  applications  and 
services.”  Wuchner-Bruhl  said 
another  problem  with  Skype  is 
that  it’s  a  security  threat.  He 
noted  that  “every  nonstandard 
application  can  add  unneces¬ 
sary  risks  to  your  environ¬ 
ment.” 

Gartner  Inc.  suggested  in  an 
advisory  that  eBay’s  purchase 
of  Skype  could  trigger  devel¬ 
opment  investments  to  make 
Skype  more  suited  for  corpo¬ 
rate  use. 

In  the  meantime,  Gartner 
advised  business  users  to 
refrain  from  using  “voice  ser¬ 
vices  based  on  proprietary 
protocols  like  Skype  while  on 
corporate  networks,  because 


of  network  security  issues.” 

There  are  several  reasons 
for  such  concerns,  according 
to  industry  experts.  “Skype  is 
VoIP  on  steroids,”  capable  of 
punching  holes  through  many 
typical  corporate  network  de¬ 
fenses,  said  Tom  Newton, 
product  manager  at  Smooth- 
Wall  Ltd.,  a  vendor  of  firewall 
and  other  security  products  in 
Leeds,  England. 

Like  other  peer-to-peer 
technologies,  Skype  allows  its 
users  to  establish  direct  con¬ 
nections  with  one  another. 

Skype  is  also  “port  agile,” 
meaning  that  if  a  firewall  port 
is  blocked,  Skype  will  seek 
other  open  ports  to  establish 
a  connection,  Newton  said. 

As  a  result,  Skype  could 
provide  a  back  door  into  oth¬ 
erwise  secure  networks  for 
Trojan  horses,  worms  and 


viruses,  Newton  said.  It  could 
also  provide  a  channel  for  cor¬ 
porate  data  to  be  freely  shared 
among  users  without  any  se¬ 
curity  considerations,  he  said. 

Skype  uses  a  proprietary 
protocol  instead  of  standard 
protocols,  such  as  the  Session 
Initiation  Protocol,  used  by 
vendors  of  commercial  voice- 
over-IP  products.  Thus  there 
may  be  “unknown  vulnerabili¬ 
ties”  in  Skype,  said  John  Pesca- 
tore,  an  analyst  at  Gartner. 

So  far,  there  have  been  no 
major  attacks  directed  against 
Skype.  But  its  growing  in¬ 
stalled  base  will  inevitably 
make  it  a  hacker  target,  accord¬ 
ing  to  analysts.  As  a  result, 
companies  need  to  keep  a  close 
eye  on  both  the  sanctioned 
and  the  nonsanctioned  use 
of  Skype  on  their  networks, 
Pescatore  said.  ©  57862 
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Users  Are  Rethinking 
Disaster  Recovery  Plans 


Bank  dumps  its 
outsourcer,  brings 
program  in-house 

BY  LUCAS  MEARIAN 

ORLANDO 

nformation  technology 
operations  either  lack 
funding  for  disas¬ 
ter  recovery  proj¬ 
ects  or  are  rethinking 
how  to  protect  data  to 
better  ensure  that  sys¬ 
tems  can  be  restored 
in  case  of  a  disaster, 
said  users  at  the  Stor¬ 
age  Networking  World 
conference  here  last 
week. 

A1  Todd,  senior  vice 
president  of  the  IT 
services  division  at 
Pacific  Capital  Bancorp, 
said  his  company  has  decided 
to  stop  outsourcing  its  backup 
tasks  and  “bring  disaster  re¬ 
covery  in-house.”  The  bank  is 


the  midst  of  that  changeover 
now,  said  Todd,  who  partici¬ 
pated  in  a  panel  discussion  at 
the  conference. 

The  bank’s  service  provider 
uses  a  backup  facility  in  Phila¬ 
delphia,  far  from  Pacific  Capi¬ 
tal’s  primary  data  center  in 
Santa  Barbara,  Calif,  Todd 
said.  The  new  plan  calls 
for  using  an  in-house 
site  that  will  be  located 
about  240  miles  away 
from  the  data  center. 

“Our  main  concern 
was,  what  if  you  have  a 
disaster,  and  [several] 
banks  come  into  that 
site  at  the  same  time? 
Who  gets  first  dibs”  at 
using  the  data  center? 
he  said.  “I  want  it  to 
be  me.” 

Todd  wouldn’t  name 
the  service  provider,  saying 
only  that  it’s  a  “well-known, 
leading”  vendor. 

In  an  impromptu  poll  of 


over  1,000  conference  atten¬ 
dees,  many  IT  managers  indi¬ 
cated  that  disaster  recovery  is 
a  top  issue. 

For  example,  55%  of  the  re¬ 
spondents  said  that  executives 
at  their  companies  have  cost- 
justified,  though  not  necessari¬ 
ly  approved,  business  continu¬ 
ity  and  disaster  recovery  pro¬ 
jects.  Twenty-five  percent  said 
officials  have  found  that  tiered 
storage  architecture  projects 
meet  cost  criteria,  and  11%  said 
virtualization  technologies  are 
seen  as  important  enough  to 
warrant  funding. 

Jon  William  Toigo,  senior 
analyst  at  Toigo  Partners  Inter¬ 
national  LLC  in  Dunedin,  Fla., 
said  disaster  recovery  is  rarely 
a  front-burner  issue  for  IT  or¬ 
ganizations.  It’s  more  often  an 
insurance  policy  without  a  re¬ 
turn  on  investment,  which  is 
why  such  projects  can  be  so 
difficult  to  fund,  he  said. 

Hal  Weiss,  information  ser- 
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vices  systems  engineer 

at  Baptist  Memorial 
Health  Care  Corp.  in 
Memphis,  said  he’s 
having  trouble  getting 
upper  management  to 
approve  money  for  dis¬ 
aster  recovery  up¬ 
grades  because  of  bud¬ 
getary  constraints  and 
some  issues  unique  to 
his  industry.  “We’re  de¬ 
pendent  on  Medicaid 
[and]  Medicare  insur¬ 
ance  for  how  much  they’re  go¬ 
ing  to  reimburse  us  for  proce¬ 
dures,”  Weiss  said,  explaining 
why  funding  is  an  issue. 

“I  can’t  pick  the  applications 
that  the  organization  purchas¬ 
es,  because  they’re  dictated  by 
the  clinicians,”  said  Weiss, 
who  participated  in  the  panel 
discussion  with  Todd.  “Some¬ 
times  an  application  doesn’t 
lend  itself  to  a  [disaster  recov¬ 
ery]  strategy.  It  can  only  be 
one  machine  running  at  one 
time  for  a  specific  task.” 

Weiss  also  noted  that  Bap¬ 
tist  Memorial  has  two  storage- 
area  networks  from  separate 
vendors,  and  it  has  to  have 
two  disaster  recovery  schemes 
because  the  vendors’  network 


switches  can’t  com¬ 
municate. 

Todd  said  Pacific 
Capital  has  been  able 
to  cut  some  disaster 
recovery  costs  by 
classifying  its  data  so 
that  everything  need 
not  be  replicated  off¬ 
site.  Only  information 
from  “critical”  busi¬ 
ness  systems  is  repli¬ 
cated,  he  said.  And  the 
bank’s  legal  depart¬ 
ment  determines  what  data  is 
critical,  alleviating  political 
battles  with  business  units 
that  want  everything  protect¬ 
ed,  Todd  explained. 

An  issue  each  of  the  pan¬ 
elists  identified  was  the  need 
for  a  deletion  policy. 

Weiss  said  his  hospital  can’t 
delete  data  because  it  must 
save  everything  in  order  to 
comply  with  federal,  state  and 
local  regulations. 

“It’s  an  issue  at  the  bank,” 
Todd  said.  “We’re  going 
through  the  process  of  deter¬ 
mining  what  can  be  deleted 
right  now  with  the  legal  de¬ 
partment.  In  the  meantime, 
we’re  keeping  everything.” 
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WEISS  says  it’s 
tough  to  get 
funds  for  dis¬ 
aster  recovery 
in  the  health 
care  industry. 


Continued  from  page  1 

Securing  Data 

digital  tape  to  transport  infor¬ 
mation  between  offices.  Nev¬ 
ertheless,  Barber  said,  systems 
weren’t  restored  quickly 
enough  after  Wilma  knocked 
out  power  to  millions  in 
southern  Florida. 

“Our  challenges  [in  recent 
months]  have  been  to  put  to¬ 
gether  a  suite  of  services  that 
will  allow  for  disaster  recov¬ 
ery  and  business  continuity,” 
he  said. 

Holland  &  Knight’s  Fort 
Lauderdale  office  was  re¬ 
stored  Wednesday  morning, 
and  power  was  restored  to  the 
Miami  and  West  Palm  Beach 
offices  by  Friday,  he  said. 

Barber  said  the  recovery 
process  would  likely  have 
been  sped  up  if  real-time,  on¬ 
line  data-replication  tools  had 
been  used  during  the  disaster. 

But  now,  he  said,  “we’re  re¬ 
ally  trying  to  mitigate  [data 


loss]  through  backup 
and  replication.”  Bar¬ 
ber  said  his  firm  uses 
shipping  services  from 
United  Parcel  Service 
Inc.  to  move  backup 
tapes  among  some  30 
branch  offices.  Some 
tapes  are  encrypted, 
but  others  are  not. 

“That’s  a  risk,”  he  said. 

Barber  said  he’s 
working  toward  mov¬ 
ing  data  over  his  firm’s 
WAN  in  an  encrypted 
form,  which  he  said  will  cut 
some  transportation  costs, 
man-hours  and  the  risk  of  los¬ 
ing  tapes  now  moved  between 
offices. 

Greg  Schulz,  an  analyst  at 
Evaluator  Group  Inc.  in  Engle¬ 
wood,  Colo.,  suggested  that 
technologies  such  as  disk-to- 
disk  backup  can  facilitate  rapid 
data  recovery  and  restoration. 
And  continuous  data  protec¬ 
tion  can  improve  recovery¬ 
time  and  recovery-point  ob¬ 
jectives  in  mainstream  envi¬ 


ronments,  he  said. 

Ken  Black,  global 
storage  architect  at 
Yahoo  Inc.  in  Sunny¬ 
vale,  Calif.,  said  he’s 
seeking  new  ways  to 
encrypt  data  in  light 
of  recent  high-profile 
cases  of  data  loss  and 
because  of  federal 
guidelines  that  re¬ 
quire  an  emphasis  on 
security. 

“We  have  a  group 
called  the  Paranoids. 
They’re  our  security  people, 
and  they  look  for  holes  every¬ 
where  —  and  what’s  irritating 
is,  we’re  finding  them  every¬ 
where,”  Black  said. 

Yahoo  has  dozens  of  data 
centers  and  anywhere  from  4 
to  7  petabytes  of  data  to  man¬ 
age,  he  said.  And  with  so 
much  data,  his  storage  admin¬ 
istrators  are  struggling  to  keep 
up  with  backups. 

“We’re  trying  to  find  some¬ 
thing  that  helps  us  meet  our 
backup  windows,”  Black  said. 


“That’s  one  of  the  biggest 
hurdles  right  now.” 

Like  many  users  at  the  con¬ 
ference,  which  was  co-spon- 
sored  by  Computerworld  and 
the  Storage  Networking  Indus¬ 
try  Association,  Black  said  he’s 
testing  disk-to-disk  backup 
technologies  such  as  virtual 
tape  libraries. 

Cliff  Dutton,  chief  technolo¬ 
gy  officer  at  Ibis  Consulting 
Inc.  in  Providence,  R.I.,  which 
manages  200TB  of  network- 
attached  storage  as  part  of  its 
electronic  data  discovery  busi¬ 
ness,  said  he’s  also  concerned 
about  his  ability  to  track  data 
in  a  crisis. 

Dutton  said  he  doesn’t  repli¬ 
cate  data  to  an  off-site  facility 
because  data  restoration  must 
be  “almost  instantaneous.”  The 
cost  of  meeting  such  a  require¬ 
ment  using  an  off-site  facility 
would  be  prohibitive,  he  said. 

“If  something  is  down  for 
even  a  few  minutes,  it’s  a  hor¬ 
rible  problem  for  us,”  Dutton 
said.  O  57869 
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have  been 
quicker  with 
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Featuring  the  proven  reliability  of  Intel®  Xeon™ 
processors,  PRIMERGY  BX620  S2  blade  server 
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OW.  YOU  JUST  NEVER  know 
what’s  going  to  get  some  people 
riled  up.  I  thought  I  was  on  safe 
ground  last  week  when  I  suggest¬ 
ed  that  women  shouldn’t  be  paid 


less  than  men  for  doing 
the  same  work  [Quick- 
Link  57664],  Turns  out  I 
ruffled  a  few  peacock 
feathers  with  that  contro¬ 
versial  position. 

“It’s  all  liberal  crap!” 
one  reader  protested. 

“Men  are  bad  and  stupid. 

Women  are  angels  and 
victims.  (They  don’t  pro¬ 
mote  themselves!  Except 
when  they  are  showing 
off  to  get  a  raise.)  [And] 
what  they  were  saying  about  men  and 
crime  —  women  were  victims  and 
men  were  attackers!  This  year  women 
accounted  for  a  quarter  of  violent 
crimes  (a  news  [item]  little  report¬ 
ed).  Or  blame  discrimination  from 
judges  (white  males).  It  seems  like 
Computerworld  is  ‘mainstream  media.’ 
We  can’t  expect  anything  better!” 

At  least  this  reader  felt  strongly 
enough  to  take  the  time  to  express 
his  views  on  the  matter,  and  I  respect 
that.  I  probably  would  have  respect¬ 
ed  it  a  little  more  had  he  not  cloaked 
his  views  behind  a  curtain  of  ano¬ 
nymity,  but  what  the  heck.  And  I’m 
not  certain  how  crime  got  mixed  in 
to  the  discussion,  but  slamming 
women,  who  constitute  more  than 
half  of  the  population,  for  commit¬ 
ting  one-fourth  of  all  violent  crimes 
is  a  real  puzzler.  With  goofiness  like 
that  to  contend  with,  I  have  to  won¬ 
der  how  women  are  able  to  exercise 
so  much  violent-crime  restraint. 

It’s  almost  scarier  —  sort  of  insidi¬ 
ous  —  when  someone  expresses 
himself  in  a  more  rational  manner, 
but  promotes  the  type  of  thinking 
that  we've  passed  laws  to  protect 
ourselves  against.  Consider  this 
reader’s  position: 

“Women  are  justly  paid  a  little  less 


don  tennant  is  editor  in 
chief  of  Computerworld. 
You  can  contact  him  at 

don.tennant® 

computerworld.com. 


than  men  on  average,  be¬ 
cause  they  are  far  more 
likely  to  abandon  their 
careers  to  pursue  raising 
a  family,”  he  explained. 
“The  salary  discrepancy 
merely  reflects  the  addi¬ 
tional  risk  the  employer 
is  taking  on  when  hiring 
a  woman.  Perhaps  it 
shouldn’t  be  10%  less, 
but  it  should  be  some¬ 
what  less  (averaged  over 
the  whole  economy).” 

Well,  that’s  an  interesting  argu¬ 
ment,  and  a  sensible  one  if  you’re 
talking  about,  say,  insurance  rates  for 
teenage  drivers.  But  we  as  a  nation 
have  decided  that  we  don’t  w’ant  em¬ 
ployers  discriminating  by  gender 
when  it  comes  to  wages.  The  Equal 
Pay  Act,  which  amended  the  Fair  La¬ 
bor  Standards  Act  in  1963,  prohibits 
that.  It  stipulates  that  where  employ¬ 
ees  perform  equal  work  in  jobs  re¬ 
quiring  “equal  skill,  effort,  and  re¬ 


sponsibility  and  performed  under 
similar  working  conditions,”  they 
should  be  provided  equal  pay. 

None  of  this  is  to  say  that  the  issue 
is  entirely  black  and  white.  Another 
reader  complained  that  having  got¬ 
ten  my  “shorts  in  a  knot”  over  the 
gender  wage  gap,  I  failed  to  ade¬ 
quately  address  the  longevity  factor. 

“Women  tend  to  drop  out  of  the 
workforce  more  often  than  men, 
leaving  them,  on  average,  with  short¬ 
er  careers,”  he  wrote.  “Sure,  more 
and  more  women  are  re-entering 
their  careers  later  —  after  the  kids 
have  started  school,  for  example. 

But  the  net  effect  is  that  the  average 
years  of  career  work  (not  to  demean 
the  work  required  to  raise  kids)  for 
women  is  less  than  men.” 

Clearly,  to  the  extent  that  lower 
pay  is  attributable  to  shorter  tenure 
—  or  to  any  other  legitimate  factor, 
for  that  matter  —  we  should  indeed 
keep  our  apparel  unknotted.  What’s 
important  is  that  fairness  and  justice 
prevail.  The  problem  is  that  we’re 
not  yet  to  the  point  where  we  can  all 
look  each  other  in  the  eye  and  say 
they  do.  ©  57831 
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VIRGINIA  ROBBINS 

Acquiring 
The  Skills  of 
Acquisition 

I’VE  BEEN  SOLD.  More  pre¬ 
cisely,  the  majority  of  the 
assets  of  my  company  have 
been  sold  to  a  competitor. 

The  products,  infrastructure  and  intel¬ 
lectual  property  that  my  team  and  I 
built  for  four  years  will  belong,  by  the 
time  you  read  this,  to  someone  else. 
This  is  my  fifth  acquisition  as  a  buyer 
or  a  seller.  Being  sold  feels  different 
from  being  the  buyer,  but  the  prepara¬ 
tions  are  the  same  in  four  key  areas. 

1.  People.  Arrogance,  rudeness  and 
contempt  can’t  be  tolerated.  Mary  in 
networking  may  be  a  reliable  adminis¬ 
trator,  but  if  she  doesn’t  work  well  with 
people  today,  it’s  unlikely  that  she’ll 
work  better  with  an  integration  team 
next  month  that’s  likely  to  question  her 
work.  If  you’ve  been 
sheltering  an  IT 
misfit,  monitor  her 
interactions  or  con¬ 
sider  releasing  her. 

If  you’ve  never 
systematically  re¬ 
viewed  your  staff, 
now  is  the  time  to 
candidly  do  so.  Are 
their  skills  current? 

Can  an  outsider  con¬ 
firm  this? 

Certifications  can 
be  helpful.  Consider 
encouraging  your 
best  to  test.  In  the 
preacquisition  peri¬ 
od,  few  large  new 

projects  are  begun.  Use  this  time  to  of¬ 
fer  staff  training.  Longer-term  classes 
can  be  part  of  your  overall  retention 
program. 

Understand  your  staff’s  strengths, 
weaknesses  and  preferences.  Harry 
may  be  terrific,  but  if  he  would  prefer 
to  work  at  a  smaller  company,  it  might 
be  better  for  him  to  do  that. 

Review  your  incentive  programs. 
Buyers  need  staffers  to  take  on  addi¬ 
tional  work  to  integrate  operations. 
Sellers  need  staffers  to  run  operations 
until  the  integration  is  complete.  In  the 
short  term,  money  can  motivate. 

2.  Process  management.  Does  your 
staff  clearly  understand  how  work  is  to 
be  done?  You  can’t  be  in  on  every  dis- 
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cussion.  Your  staffers  will  need  to 
make  decisions  more  quickly  than  they 
did  before. 

Do  they  understand  why  their  proce¬ 
dures  include  certain  steps?  In  an  ac¬ 
quisition,  specialists  will  soon  be  sug¬ 
gesting  or  making  changes.  If  your  staff 
can’t  speak  up  and  explain  why  some¬ 
thing  shouldn’t  be  done,  the  resulting 
mess  may  be  yours. 

3.  Assets.  If  you  haven’t  done  a  physi¬ 
cal  inventory  recently,  now  is  the  time 
to  complete  one.  If  you’re  not  sure 
about  your  intellectual  property  and 
how  Accounting  and  Legal  have  man¬ 
aged  it,  now  is  the  time  to  ask.  Make 
sure  that  you  have  complete,  accurate 
records  that  make  sense  to  your  CFO. 

If  you’re  acquiring,  you’ll  need  to  make 
sure  you  can  easily  add  the  acquisi¬ 
tion’s  asset  records  to  yours.  If  you’re 
being  acquired,  some  technology  as¬ 
sets  will  be  part  of  the  purchase  price. 

4.  Opportunity.  Good  people  with  up- 
to-date  skills  who  work  well  together 
create  opportunities.  Clearly  docu¬ 
mented  procedures  and  records  dem¬ 
onstrate  management  skills.  Make  sure 
you  know  what  opportunities  may  be¬ 
come  available. 

Your  greatest  opportunity  will  be  in 
how  you  choose  to  lead.  Lead  poorly, 
and  you  may  be  one  of  the  first  to  go  — 
regardless  of  whether  you’re  acquiring 
or  being  acquired.  Lead  well,  and  you 
may  find  yourself  with  greater  oppor¬ 
tunities.  Have  your  message  well  craft¬ 
ed  and  aligned  with  your  company’s 
objectives.  If  you  don’t  know  some¬ 
thing,  say  so.  If  you  can’t  say  so,  say 
that.  Don’t  guess,  and  whatever  you  do, 
don’t  overpromise.  If  the  news  is  bad, 
explain  it  fairly. 

Finally,  tie  your  actions  to  your 
message.  You  will  know  if  you’ve  been 
successful.  Bill  Owens,  the  governor 
of  Colorado,  put  it  best  when  he  said, 
“Actions,  not  words,  are  the  ultimate 
results  of  leadership.”  ©  57764 


MICHAEL  GARTENBERG 

Information 
Must  Follow 
Users  Freely 

Four  years  ago,  I  out¬ 
lined  a  vision  for  what  I 
called  “ubiquitous  com¬ 
puting”  and  explained  why  it 
was  important.  To  recap,  ubiquitous 
computing,  or  digital  ubiquity,  was 


made  up  of  three  intercon¬ 
necting  trends.  The  first  was 
the  growth  in  the  number  of 
end  users  with  digital  de¬ 
vices,  including  the  PC  but 
extending  beyond  it  as  well. 

The  second  was  end-user 
access  to  multiple  connec¬ 
tion  points  for  wide-area,  lo¬ 
cal  and  personal  networks. 

And  the  third  was  a  host 
of  digital  services  for  busi¬ 
ness  and  personal  use  run¬ 
ning  on  the  devices. 

All  of  that  came  to  pass 
more  or  less  as  described, 
and  with  it  came  new  chal¬ 
lenges  for  IT  departments. 

Support  for  multiple  access 
points  and  a  host  of  new  de¬ 
vices  to  deal  with  were  only 
the  beginning.  While  most 
organizations  have  learned 
to  deal  with  digital  ubiquity  (in  some 
cases  by  trying  to  ban  end-user  device 
adoption),  it’s  time  to  prepare  for  the 
next  thing  as  we  move  beyond  digital 
ubiquity  to  contextual  flow. 

So,  what  is  contextual  flow?  This  no¬ 
tion  builds  on  the  digital  ubiquity  con¬ 
cepts  but  takes  them  much  further. 
Contextual  flow  is  marked  by  the 
seamless  transition  from  one  digital 
context  to  another,  regardless  of  loca¬ 
tion  or  type  of  device  used  or  the  na¬ 


ture  of  the  content  or  infor¬ 
mation  being  accessed. 
That  might  sound  like  a  tall 
order,  but  users  are  going 
to  expect  this  level  of  ser¬ 
vice  —  and  expect  it  soon. 

We’re  still  living  in  a 
world  where  too  much  of 
the  information  we  need  is 
stored  in  silos.  Meanwhile, 
people  work  and  play  in 
different  places  than  they 
used  to,  and  they  want 
their  information  to  flow 
freely  and  follow  them  as 
their  individual  contexts 
change. 

Like  digital  ubiquity,  con¬ 
textual  flow  is  also  marked 
by  three  trends.  First,  infor¬ 
mation  is  ubiquitous  and 
flows  seamlessly  between 
locations. 

Second,  personal  and  business  do¬ 
mains  are  intermingling,  with  a  mobile 
bridge  in  the  middle. 

Third,  a  ubiquitous  identity  moves 
from  domain  to  domain. 

Imagine  recording  a  TV  show  on  a 
device  in  your  home  and  then  watch¬ 
ing  some  of  it  before  leaving  for  work. 
On  the  train,  you  pick  up  exactly 
where  you  left  off  and  finish  watching 
in  time  to  talk  about  it  over  coffee  with 
your  colleagues.  You  still  have  some 


time  to  kill,  so  you  quickly  check  your 
corporate  mail  and  discover  there’s  a 
memo  that  needs  to  be  rewritten.  You 
start  outlining  thoughts  just  as  the 
train  pulls  in.  When  you  get  to  your 
desk  shortly  thereafter,  you  pick  up  the 
memo  where  you  left  off,  send  it  off 
and  begin  chatting  with  a  co-worker 
about  last  night’s  TV  episode. 

This  is  a  pretty  basic  scenario,  but  it 
illustrates  just  what’s  going  to  happen, 
if  it  isn’t  happening  already.  Using  a  va¬ 
riety  of  devices  and  services  already 
on  the  market,  that  scenario  is  totally 
possible  today. 

In  fact,  this  column  started  life  on  a 
Treo,  flowed  from  there  seamlessly 
over  to  my  laptop  at  home  and  was 
then  sent  to  Computer-world  over  a 
wireless  WAN  while  I  had  lunch  in  a 
cafe  and  CNBC  streamed  live  in  the 
background  on  my  screen  from  a  TiVo 
on  my  home  network. 

What  does  this  mean  for  IT  depart¬ 
ments?  Well,  it’s  potentially  disruptive 
from  a  support  perspective,  but  like  all 
good  disruptions,  it  presents  opportu¬ 
nities  to  get  ahead  of  the  curve  and 
win  points  with  end  users.  Welcome  to 
the  new  world.  Again.  ©  57645 
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The  Legend  of  the  Mark  IV  Moth  Is  a  Myth 


Back  in  the ’80s,  I  was  thrilled 
to  read  about  the  Mark  IV  com¬ 
puter  operators  finding  a  moth 
smashed  in  the  relays.  This  kind  of 
mythology  made  the  otherwise  dry 
history  more  interesting  and  added 
a  level  of  inside  knowledge.  But  in 
researching  a  college  paper  on 
computer  history,  I  found  that  this 
anecdote  was  baseless.  Nonethe¬ 
less,  college  students  were  still  be¬ 
ing  taught  this  false  history  in  the 
'90s  despite  a  column  in  Entrepre¬ 
neur  that  verified  that  none  of  the 
original  Mark  IV  operators  remem¬ 
bered  such  an  incident  (although 
they  did  find  a  moth  once  and  put  it 
in  their  log  book  as  a  joke). 

This  article  [“Share  Poll:  Sar- 
banes-Oxley  Seen  as  Biggest  IT 
Time  Waster,”  QuickLink  a73Q0] 
ended  with  Share  President  Robert 
Rosen  claiming  that  Brace  Hopper 
had  coined  the  term  bug  after  find¬ 
ing  an  actual  moth  in  a  computer. 
The  term  bug  has  been  used  for 


hundreds  of  years  to  refer  to  a  prob¬ 
lem  (especially  one  that’s  difficult  to 
diagnose)  in  machinery.  Many  of  the 
engineers  working  on  the  first  main¬ 
frames  were  recruited  from  other 
lines  of  work,  so  much  of  the  IT  ter¬ 
minology  we  have  today  is  an  amal¬ 
gamation  of  terms  that  stuck  when 


The  visibility,  transparency 
and  understanding  of  complex 
systems  can  only  be  achieved 
through  an  effort  like  the  one  being 
forced  through  regulation  [“Share 
Poll:  Sarbanes-Oxley  Seen  as  Big¬ 
gest  IT  Time  Waster,”  QuickLink 
a7300], 

IT  never  did  its  job  properly,  and 
now  a  compliance  requirement  is 
forcing  IT  professionals  to  revisit 
the  poor  practices  that  have  been 
traits  of  internal  IT  departments: 
buying,  deploying  and  using  hard¬ 
ware;  not  understanding  the  busi- 


they  were  used  in  the  computer 
context,  including  the  word  bug. 

I  hope  there  will  be  another  article 
in  Computerworld dealing  with  these 
quaint,  but  nonfactual,  anecdotes. 
Whole  generations  of  computer  pro¬ 
fessionals  are  being  raised  on  them. 
Fred  E.  Brandli  Jr. 

Network  administrator/ 
developer,  Lowell,  Ark. 


ness  intent;  not  preparing  for  appro¬ 
priate  security;  not  building  reten¬ 
tion  and  auditing  mechanisms;  and 
when  all  else  fails,  blindly  buying  a 
package,  hiring  a  consulting  firm  or 
simply  outsourcing. 

Sarbanes-Oxley  is  now  challeng¬ 
ing  that  and  asking  IT  to  get  its 
house  in  order.  It  is  the  first  hint  of 
what  is  to  come  as  reliance  on  com¬ 
puter  systems  increases  for  all  busi¬ 
ness  functions. 

Instead  of  embracing  this  as  an 
opportunity  for  which  the  CEO  is 
forced  to  provide  funds,  and  using  it 


to  get  better  at  doing  IT,  we  are 
complaining.  That  is  just  great  and 
actually  more  fodder  for  the  likes  of 
Nicholas  Carr  and  other  critics  of 
our  performance,  especially  CFOs 
and  CEOs. 

Nauman  Sheikh 
Director  of  technology 
strategy,  Experian  Marketing 
Services,  Experian  Inc., 

Costa  Mesa,  Calif, 

Nauman.sheikh@ 

experian.com 
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Sarb-Ox  Forces  IT  to  Get  Its  House  in  Order 


You  need  a  darn  good  reason 
to  introduce  another  vendor 
into  your  network.  Here  are  four. 

Our  intelligent  overlay  network 
delivers  automated  core-to-edge 
security.  It's  based  on  an  open 
architecture.  It  optimizes 
applications.  It  makes  VoIP  possible 
on  your  existing  infrastructure. 

And  that  is  just  the  beginning. 
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QUICKSTUDY 

MTBF 

Mean  time  between  failures  and  the  related 
mean  time  to  failure  are  measures  of  hardware 
reliability,  usually  expressed  in  hours.  They  indi¬ 
cate  in  statistical  terms  the  working  lifetime  of  a 
given  component.  Page  30 


SECURITY  MANAGER'S  JOURNAL 

Making  the  Move 
From  IDS  to  IPS 

Mathias  Thurman  decides  that  the  benefits  of 
moving  from  an  intrusion-detection  system  to 
inline  intrusion-prevention  technology  out¬ 
weigh  the  drawbacks.  Page  34 


Q&A 

Redefining  Cool 

HP  Labs’  Chandrakant  Patel 
discusses  his  research,  which 
could  lead  to  cooler  data  cen¬ 
ters  that  use  50%  less  energy. 

Page  28 


SPYWARE  USED  TO  BE  THOUGHT  of  as  a 
consumer  problem.  Now  it  has  IT’s  full 
attention,  and  it’s  no  wonder:  In  a 
Computer-world,  survey  of  subscribers 
with  IT  security  responsibilities  that 
was  conducted  for  this  story,  79%  of 
the  577  respondents  said  they’ve  had  prob¬ 
lems  with  spyware  in  the  past  12  months,  and 
71%  said  they  see  it  as  a  threat  to  their  organi¬ 
zations.  While  spyware’s  major  impact  has 
been  on  the  help  desk  because  of  spyware- 
related  system  reliability  and  performance  is¬ 
sues,  the  unwanted  programs  are  also  viewed 
as  a  growing  security  threat  —  one  that  84% 
of  respondents  said  is  increasing. 

The  good  news  is  that  IT  organizations 
are  finally  starting  to  get  the  kinds  of  tools 
that  are  needed  to  bring  the  problem  under 
control.  The  evolution  of  centrally  managed, 
enterprise-class  antispyware  tools  for  the 
desktop  and  the  emergence  of  spyware-sawy 
gateways  for  the  network  perimeter  are  help¬ 
ing  IT  organizations  identify  and  eliminate 
spyware  programs  and  block  new  ones  from 
infecting  business  PCs.  Although  the  tools 
are  new  and  still  maturing,  41%  of  our  survey 
respondents  said  they  are  already  using  enter- 

Continued  on  page  26 


With  spyware  now  a 
top  IT  security  concern, 
organizations  are  finally 
starting  to  rein  in  the 
unwanted  software. 


BY  ROBERT  L.  MITCHELL 


IBM  eServer™  xSeries' 


TECHNOLOGY  THAT  GETS  YOU ! 

“EVERYTHING’S! 
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Affordable,  reliable,  easy  to  manage:  eServer  xSeries  with  Inter®  Xeon™  Processors 


IBM  eServer  xSeries  226  Express 

An  entry-level  2-way  server  that 
offers  the  reliability  and 
performance  needed  for  day-to- 
day  computing.  Easy  to  set  up 
and  deploy,  with  access  to  all 
major  system  components. 

System  features 

Up  to  two  Intel®  Xeon™ 
Processors  3GHz/2MB 
Two-way  tower  with 
rack  capability 
Up  to  6  hot-swappable 
SCSI  hard  disk  drives 
Integrated  RAID  0,1 
Limited  warranty:  up  to  3 
years  on-site3 

From  $1,6394* 

(Other  configurations  as  low  as  $1,229) 

IBM  Financing  Advantage 

Only  $46  per  month5 


IBM  eServer  xSeries  346  Express 

Help  maximize  performance  and 
improve  availability  in  a  rack 
dense  environment  with 
Xtended  Design  Architecture!" 
Includes  Calibrated  Vectored 
Cooling,  an  IBM  innovation  that 
helps  increase  uptime. 

System  features 

Up  to  two  Intel®  Xeon™ 
Processors  3GHz/2MB 

Two-way  2U  rack  server 

Up  to  16GB  DDR2  memory 
using  8  DIMM  slots  with 
enhanced  memory 

Limited  warranty: 

3  years  on-site3 

From  $3,3154* 

(Other  configurations  as  low  as  $2,219) 

IBM  Financing  Advantage 

Only  $93  per  month5 


IBM  eServer  xSeries  260  Express 

IBM’s  newest  third-generation 
Enterprise  X-Architecture® 
server.  Designed  for  companies 
looking  for  database,  e-mail, 
Web/e-commerce  or  consolidated 
application  serving. 

System  features 

Up  to  four  64-bit  Intel®  Xeon™ 
Processors  MP,  up  to  3.66GHz 

Four-way  tower  or  7U  rack 
capability 

Up  to  3.6TB  hot-swappable 
SAS  (serial  attach  SCSI) 
hard  disk  storage 

Up  to  64GB  of  memory  with 
advanced  memory  protection 
Limited  warranty:  3  years  on-site3 

From  $5,3994* 

(Other  configurations  as  low  as  $4,599) 

IBM  Financing  Advantage 

Only  $151  per  month5 
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Flexible  and  easy  to  use 


IBM  eServer  BladeCenter  HS20  Express 

Offers  extreme  flexibility  and 
scalability,  plus  it  helps  to 
consolidate  and  simplify  your 
infrastructure.  Helps  reduce 
power  consumption  and  save 
valuable  floor  space. 

System  features 

Up  to  two  Intel®  Xeon™ 
Processors  3.20GHz/2MB 
Up  to  14  blades  per  chassis 
Supports  both  32- 

and  64-bit  applications 

IBM  Director2 _ 

Limited  warranty: 

3  years  on-site3 

From  $2,8994* 

(Other  configurations  as  low  as  $1,669) 

IBM  Financing  Advantage 

Only  $81  per  month5 


IBM  TotaiStorage®  Simplify  storage  management  to  improve  productivity 


IBM  TotaiStorage  DS300  Express 

This  entry-level,  cost-effective  iSCSI  host- 
attached  storage  system  utilizes  your  existing 
network  infrastructure  to  deliver  advanced 
functionality.  Provides  an  exceptional  SAN 
storage  solution  with  xSeries  servers  for 
e-mail/file/print. 


System  features 

3U  rack  mount  entry-levei 
with  two  controllers 
Support  for  up  to  14 

Ultra320  SCSI  disk  drives 

From  $6,4554* 

(Other  configurations  as  low  as  $2,995) 


Starts  at  584GB  / 
scales  to  4.2TB6 

Limited  warranty:  1  year 
on-site3 


IBM  Financing  Advantage 

Only  $180  per  month5 


’’All  prices  are  IBM's  estimated  retail  selling  prices  as  of  September  13, 2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to 
availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  1.  IBM  Director  is  not  available  on  TotaiStorage 
products.  2.  IBM  Director  must  be  installed.  Products  included  in  IBM  Express  Servers  and  Storage  may  also  be  purchased  separately.  3.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor,  IBM  will 
attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty  is  available  only  lor  selected  components.  4.  Prices  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard 
drive,  operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most  current  pricing  in  your  geography.  5.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in 


USED  TO  SAYING: 
UNDER  CONTROL’ 


IBM  Express  Servers  and  Storage  m  for  mid-sized  business. 

Know  an  I.T.  person  who  doesn’t  like  to  hear  that  “everything's  under  control”? 
We  don’t.  That’s  why  we  offer  an  innovative  management  tool  called  IBM 
Director  that  can  alert  your  I.  T.  people  to  potential  problems  up  to  48  hours  in 
advance! 

And  our  Calibrated  Vectored  Cooling  on  select  xSeries ®  servers  helps  cool  your 
systems  more  efficiently.  Packing  more  servers  into  a  single  rack.  Helping  to 
save  space,  energy,  money. 

With  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers,  storage 
and  printers.  Your  local  IBM  Business  Partner  can  tell  you  more.  And  remember, 
you  can  keep  your  technology  current  while  helping  to  reduce  costs  -  through 
IBM  Global  Financing. 

Excited?  No  need  to  control  yourself.  Get  started  today. 


Save  time.  Save  costs.  Save  the  day!  (Optimize  your  I.T) 

ibm.com/systems/innovatel 

1  800-IBM-7777  mention  104CE04A 


IBM  TotalStorage  DS400  Express 


System  features 


Exceptional  entry-level  solution  for  workgroup 
storage  needs.  With  advanced  functionality, 
the  DS400  supports  xSeries  servers  and 
utilizes  hot-swap  Ultra320  SCSI  drives  for 
high  reliability. 


3U  rack  mount  entry-level  with  up  to  Starts  at  584GB  /  scales  to  12TB6 
two  controllers 

2GB  Fibre  Channel  storage  systems  Limited  warranty:  1  year  on-site3 
area  network  (SAN) 

From  $8,4954*  IBM  Financing  Advantage 

(Other  configurations  as  low  as  $4,995)  Only  $237  per  month5 


the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  lor  planning  purposes  only  and  may  vary  based  on  your  credit  and 
other  factors.  Lease  otter  provided  is  based  on  a  F:MV  lease  ot  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  6.  Denotes  raw  storage 
capacity.  Usable  capacity  may  be  less.  IBM,  the  IBM  logo,  eServer,  BladeCenter,  xSeries,  TotalStorage,  IBM  Express  Servers  and  Storage,  Enterprise  X-Architecture  and  Xtended  Design  Architecture  are  trademarks  or  registered 
trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  ot  Intel  Corporation  or  its 
subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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SPYWARE  RISING 

Computerworld surveyed  577  executive-level  IT  professionals  from  its  subscriber  base  and  asked 
them  to  share  their  views  of  the  spyware  problem.  Names  were  randomly  chosen  from  a  select 
group  with  IT  management  job  titles  and  involvement  in  planning  or  purchasing  IT  security-related 
products  or  technologies.  Responses  were  gathered  this  month.  Here’s  what  they  had  to  say: 


Have  you  experienced 
problems  with  spyware 
in  the  past  12  months? 


How  do  you  perceive 
the  threat  level  presented 
by  spyware? 


What  are  the  spyware- 
related  problems  you 
have  experienced  in  the 
past  12  months? 


Desktop  support/ 
performance  issues 


Trojan  or  other  backdoor 
access  allowed  break-in 


m 

22% 


Destruction  of 
data  or  programs 


Loss  of  personal 
information 


A  significant 
threat 


I  Loss  of  organization's  data 
*  or  intellectual  property 


Identity  theft 


No  problems 


14% 

7% 

6% 

3% 

5°/o 

17% 


Not  a  threat 

3% 

NOTE:  Does  not  total  100%  due  to  rounding. 

Do  you  think  the  spyware 
threat  is  increasing,  decreas¬ 
ing  or  staying  the  same? 

About  the  same 


Increasing 


Effectiveness  ratings  of 
enterprise-class 
antispyware  products 


EFFECTIVE  OR 
SOMEWHAT  EFFECTIVE  AT: 


Detecting  spyware 


Preventing  spyware 


NOT  VERY  EFFECTIVE  OR 
INEFFECTIVE  AT: 


NOTE:  Does  not  total  100%  due  to  rounding. 


BASE:  235  respondents  whose  organizations  currently 
use  enterprise-class  antispyware  products 


Continued  from  page  23 
prise-ready  antispyware  software. 

At  TeiCove,  the  use  of  enterprise 
antispyware  software  has  cut  help  desk 
call  volumes  by  about  30%,  says  Win¬ 
dows  server  administrator  Anthony 
Waters.  The  help  desk  at  the  Canons- 
burg,  Pa. -based  telecommunications 
company  fields  calls  from  1,500  users 
in  72  offices.  As  spyware-related  calls 
to  the  help  desk  skyrocketed  late  last 
year,  the  task  of  cleaning  PCs  with 
stand-alone  antispyware  tools  and 


reimaging  badly  infected  machines 
became  overwhelming.  “It  was  just 
crazy,”  Waters  says. 

Last  December,  Waters  added 
McAfee  Inc.’s  AntiSpyware  Enterprise 
to  his  antivirus  software  and  deployed 
it  to  the  desktops  using  McAfee’s  Poli¬ 
cy  Orchestrator  software.  Early  on,  the 
software  didn’t  catch  all  spyware  pro¬ 
grams,  and  in  some  cases,  programs  it 
had  supposedly  removed  came  back. 
“But  as  we  got  different  [updates],  that 
part  has  improved,”  Waters  says.  This 


spring,  he  also  upgraded  all  PCs  to 
Windows  XP  with  Service  Pack  2,  a 
move  that  helped  eliminate  several 
Windows  and  Internet  Explorer  vul¬ 
nerabilities  that  spyware  programs  are 
known  to  exploit.  Now,  Waters  says, 
spyware-related  help  desk  calls  have 
almost  been  eliminated. 

One  year  ago,  few  enter¬ 
prise-ready  antispyware  tools 
were  available.  Today,  every 
major  antivirus  software  ven¬ 
dor  has  an  offering  for  the 
problem  that  Microsoft  Corp. 
says  was  responsible  for  one 
out  of  every  three  Windows 
system  crashes  last  year.  Al¬ 
though  the  tools  are  still  ma¬ 
turing,  IT  is  going  ahead  with 
deployments,  according  to 
IDC  analyst  Brian  Burke.  “It’s 
now  the  third-most-imple¬ 
mented  security  software,  af-  1“  ■*  *» 
ter  antivirus  and  firewalls,”  he  says. 

While  IT  organizations  worry  that 
spyware  can  potentially  be  used  to 
steal  sensitive  data,  just  6%  of  the  Com¬ 
puterworld  survey  respondents  who 
reported  spyware  problems  cited  a  re¬ 
sulting  loss  of  organizational  data  or  in¬ 
tellectual  property.  But  more  than  half 
reported  increased  help  desk  activity 
resulting  from  spyware  infections. 

Commercial  adware  continues  to 
cause  reliability  and  performance  is¬ 
sues  for  business  users.  Twenty-two 
percent  of  respondents  reported  that 
the  more  insidious  programs  —  Tro¬ 
jans,  keyloggers,  dialers  and 
remote-control  programs  — 
resulted  in  break-ins,  while 
14%  experienced  destruction 
of  data  or  programs.  The  rea¬ 
son  those  numbers  aren’t 
higher  is  probably  because 
such  exploits  are  increasing¬ 
ly  being  picked  up  by  other 
security  layers. 

At  TeiCove,  for  example, 
desktop  antivirus  software 
has  caught  dialers  and  Tro¬ 
jans.  But  information  securi¬ 
ty  professionals  also  worry 
about  data  loss  through  mali¬ 
cious  use  of  the  mechanisms  and  com¬ 
munication  channels  that  adware  uses. 

“The  main  issue  is  the  kinds  of  things 
that  come  through  Ports  80  and  443, 
which  are  the  general  business  ports. 

It’s  hard  to  block  those,”  says  Randy 
Sanovic,  general  director  of  information 
security  at  General  Motors  Corp.  Anti¬ 
spyware  tools  address  those  concerns. 

Help  desk  calls  tend  to  underreport 
the  scope  of  the  spyware  problem  be¬ 
cause  users  don’t  complain  until  their 
systems  have  become  almost  totally  un- 


of  those  surveyed 

said  they  are  con¬ 
cerned  or  very 
concerned  about 
the  possibility 
that  spyware 
might  be  used  for 
identity  theft. 


said  they  are 
concerned  or 
very  concerned 
about  the 
possibility  that 
spyware  might 
be  used  for 
industrial 
espionage. 


stable.  They  wait  until  “they  can’t  toler¬ 
ate  it  anymore  or  you  have  a  complete 
breakdown  of  the  computer,”  says  Paul 
Bryan,  director  of  product  management 
for  client  security  at  Microsoft. 

Peter  Wallace  knew  from  help  desk 
call  volumes  that  he  had  a  spyware 
problem  at  AAA  Reading-Berks,  an  auto 
club  in  Wyomissing,  Pa.  But 
the  extent  of  the  infection  sur¬ 
prised  even  him.  When  he  ran 
eTrust  PestPatrol  across  the 
organization’s  90  machines, 
he  found  that  70%  had  prob¬ 
lems.  Deployment  of  the  anti¬ 
spyware  software  cut  the  time 
he  spent  addressing  spyware 
issues  from  20  hours  a  week 
to  a  few  minutes  a  day  review¬ 
ing  reports,  he  says. 

Sam  Curry,  vice  president 
of  eTrust  security  manage- 
«“  •“  J  ment  at  Computer  Associates 
International  Inc.,  says  the  company’s 
PestPatrol  customers  typically  find  25 
to  90  instances  of  spyware  per  PC.  Sta¬ 
tistics  like  that  are  what  worry  GM’s 
Sanovic  and  other  IT  executives  who 
haven’t  yet  deployed  antivirus  tools 
enterprisewide.  “What  you  don’t  know 
is  the  problem  with  spyware.  If  you 
don’t  look,  you  don’t  know  when  you 
are  exposed,”  Sanovic  says. 

Gateway  appliances  on  the  network 
are  also  getting  better  at  blocking  spy- 
ware  activity.  At  Exchange  Bank,  an 
intrusion-prevention  appliance  from 
Internet  Security  Systems  Inc.  blocks 
spyware  activity,  says  Bob 
Gligorea,  information  security 
officer  at  the  Santa  Rosa, 
Calif.-based  bank.  “The  ones  it 
doesn’t  catch  [during  down¬ 
load],  it  catches  when  they  try 
to  go  to  the  Internet,”  he  says. 
His  staff  then  issues  a  trouble 
ticket  to  remove  the  spyware. 
Gligorea  also  plans  to  add  Web 
filtering  software  and  ISS’s 
Proventia  Desktop  to  detect 
and  block  spyware  activity. 

At  Philadelphia  Stock  Ex¬ 
change  Inc.,  Gene  Peters  has 
been  holding  off  on  buying 
desktop  antispyware  tools,  but  he’s  be¬ 
ing  proactive  at  the  network  perimeter. 
His  Web  filtering  software,  from  Surf¬ 
Control  PLC,  recently  blocked  a  poten¬ 
tially  dangerous  spyware  download. 
“We  think  it  would  have  downloaded  a 
Trojan,”  says  Peters,  director  of  infor¬ 
mation  services  at  the  exchange. 

Fortunately,  the  spyware  never  got 
out  of  the  Internet  cache,  but  Peters  is 
far  from  complacent.  “We  got  lucky 
that  [the  Web  site  disseminating  the 
spyware]  was  not  a  legitimate  site  in 


www.computerworld.com 


TECHNOLOGY 


COMPUTERWORLD  October 31,2005 


27 


h 


i 


PIMNG  THE 
WINDOWS  HUE 


CORPORATE  IT  organizations 
aren't  the  only  ones  worried  about 
spyware.  With  most  attacks  aimed 
directly  at  Windows,  Microsoft  re¬ 
sponded  in  the  past  year  with  the 
release  of  Windows  XP  Service 
Pack  2  and  other  patches  de¬ 
signed  to  close  some  of  the  more 
glaring  security  holes  through 
which  spyware  writers  insert  their 
applications  on  users’  machines. 

Pop-ups  are  now  blocked. 
So-called  drive-by  downloads, 
where  users  could  pick  up  spy- 
ware  simply  by  viewing  a  Web 


page  in  Internet  Explorer,  are 
much  more  difficult  to  pull  off. 
And  other  exploits,  such  as  dia¬ 
log  boxes  that  won't  take  no  for 
an  answer,  are  gone. 

Earlier  this  year,  Microsoft 
acquired  antispyware  software 
maker  Giant  Company  Software 
Inc.  Its  product,  rechristened 
Microsoft  Windows  AntiSpyware, 
was  released  as  a  free  beta  on 
Jan.  16,  and  it  already  has  about 
20  million  users,  says  Paul 
Bryan,  director  of  product  man¬ 
agement  for  client  security.  An 


enterprise  version  is  planned. 

Although  Microsoft  was  criti¬ 
cized  last  summer  for  downgrad¬ 
ing  its  suggested  action  for  some 
adware  programs  it  detects  from 
“quarantine”  to  “ignore,”  Win¬ 
dows  AntiSpyware  has  “pretty 
good  preventive  capabilities,” 
says  Gartner  analyst  John 
Pescatore. 

So  is  Windows  a  harder  tar¬ 
get?  Not  really.  Most  of  Windows 
SP2’s  security  improvements 
have  been  “circumvented”  by  ad¬ 
ware  developers,  claims  Thor 
Larholm,  senior  security  re¬ 
searcher  at  PivX  Solutions  Inc. 
in  Newport  Beach,  Calif. 

Pescatore  agrees.  “It’s  still 
possible  to  go  to  a  Web  site,  click 
on  something  and  get  a  browser 
help  object  installed,”  he  says. 
Adware  developers  are  not  only 
moving  forward  with  new  tech¬ 


niques,  but  they’re  also  exploiting 
newly  discovered  vulnerabilities. 

Larholm  has  already  run  into 
one  new  technique.  “In  the  last 
couple  of  months,  we’ve  seen  a 
surge  in  the  amount  of  spyware 
that  uses  rootkit  technology  to 
hide  its  presence  from  antispy¬ 
ware  products,”  he  says. 

Bryan  concedes  that  there’s 
only  so  much  Microsoft  can  do. 
Windows  Vista,  due  next  year,  will 
bring  other  improvements,  such 
as  the  disabling  of  ActiveX  con¬ 
trols  by  default  and  user  account 
protection  that  requires  standard 
users  to  get  admin  credentials  be¬ 
fore  they  can  install  an  applica¬ 
tion.  But  spyware  is  a  moving  tar¬ 
get.  “What  you  see  is  a  morphing 
of  spyware  over  time,"  Bryan 
says.  “It's  getting  trickier  and 
more  challenging  to  deal  with.” 

-  Robert  L.  Mitchell 


our  URL  list,”  he  says.  This  fall,  he 
plans  to  evaluate  desktop  tools  as  a 
complement  to  his  network  defenses. 

Some  55%  of  survey  respondents 
said  they  haven’t  yet  purchased  enter- 
prise-class  antispyware  tools.  GM’s 
Sanovic  is  waiting  for  enterprise  anti¬ 
spyware  offerings  from  the  bigger  se¬ 
curity  software  vendors  to  mature  be¬ 
fore  jumping  in.  “It’s  difficult  at  first 
look  to  determine  if  a  lot  of  the  prod¬ 
ucts  are  ready  for  corporate  environ¬ 
ments,”  he  says.  Peters  says  the  add-on 
products  he’s  tested  from  the  antivirus 
vendors  do  offer  centralized  man¬ 
agement  and  reporting  but  haven’t 
been  as  effective  as  the  single-user 
versions  from  smaller  vendors. 

More  than  half  of  the  readers  sur¬ 
veyed  ranked  currently  available  tools 
as  only  “somewhat  effective” 
at  detecting,  removing  and 
preventing  the  installation  of 
spyware.  The  tools  received 
their  highest  marks  for  detec¬ 
tion  but  were  seen  as  less  ef¬ 
fective  at  removal  and  pre¬ 
vention.  “Some  [products]  do 
a  great  job  at  detecting  spy- 
ware  but  a  horrible  job  at  re¬ 
moving  it.  How  good  is  that 
to  me?”  Peters  says.  As  a  re¬ 
sult,  some  organizations  are 
using  multiple  tools  to  help 
address  the  problem. 

Ricky  Stewart  uses  Spybot 
Search  &  Destroy  and  other 
stand-alone  utilities  in  addi¬ 
tion  to  eTrust  PestPatrol. 

“Spybot  finds  things  that 
PestPatrol  didn’t,”  says  Stew¬ 
art,  who  supports  350  users  at 
Cornell  University’s  athletic 
department.  “That’s  why  I’ve 


always  gone  with  multiple  programs.” 

At  this  point,  says  Sanovic,  “every¬ 
one  is  treading  water,  looking  for  the 
best  you  can  get.”  Fortunately,  the 
products  are  improving  rapidly. 

Most  IT  organizations  aren’t  excited 
about  loading  yet  another  security 
agent  onto  the  desktop  but  see  no  al¬ 
ternatives.  “You  can’t  have  your  help 
desk  involved  in  trying  to  resolve  hun¬ 
dreds  of  thousands  of  user  problems,” 
says  Sanovic.  Antispyware  and  anti¬ 
virus  software  are  also  beginning  to 
merge  into  a  single  client,  says  Gartner 
Inc.  analyst  John  Pescatore. 

Meanwhile,  the  same  signature- 
based  detection  technology  is  being  in¬ 
tegrated  into  gateway  products  such  as 
Blue  Coat  Systems  Inc.’s  Spyware  Inter¬ 
ceptor  and  McAfee’s  Secure  Web  Gate¬ 
way.  While  gateways  can  help 
prevent  the  installation  of 
spyware  in  the  office,  they 
can’t  prevent  users  who  travel 
from  bringing  back  spyware, 
nor  can  they  remove  it.  Most 
organizations  will  require  a 
combination  of  desktop  and 
gateway  tools  to  get  the  job 
done.  But  gateways  won’t 
work  in  all  cases.  For  Waters, 
the  cost  of  procuring  them  for 
72  offices  is  just  too  high. 

Initial  enterprise  antispy¬ 
ware  tools  were  also  budget 
busters,  but  that’s  changing 
rapidly.  “We’ve  seen  the  pric¬ 
ing  of  enterprise  spyware 
deals  drop  very  dramatically,” 
says  Pescatore,  from  as  much 
as  $40  per  seat  to  as  little  as 
$2  per  seat. 

Waters  says  his  deal 
worked  out  to  a  little  under 


$8  per  seat  to  cover  1,500  users.  In  the 
long  run,  as  antispyware  becomes  just 
another  feature  in  security  software 
suites,  the  add-on  pricing  model  could 
disappear  entirely,  he  says. 

Software  suites  should  also  offer  bet¬ 
ter  integration  over  time.  Peters  says 
he’d  like  to  see  Web  antispyware  tools 
communicate  with  his  Web  content  fil¬ 


ters  so  when  spyware  is  detected  on 
the  desktop,  the  source  Web  site  is  au¬ 
tomatically  added  to  the  list  of  blocked 
URLs.  “That  way,  you  won’t  have  the 
same  process  recurring,”  he  says. 

Ultimately,  even  the  best  antispyware 
tools  can’t  treat  the  root  cause  of  the 
problem.  As  with  antivirus  software, 
vendors  must  continually  update  signa¬ 
tures  to  keep  up  with  professional  pro¬ 
grammers  hired  by  adware  developers. 
“The  financial  incentives  in  spyware 
are  much  greater  than  anything  else  ex¬ 
cept  direct  hacking,”  says  Sanovic. 

Wallace  is  disgusted  by  the  problem. 
“I  would  like  to  see  the  people  respon¬ 
sible  for  the  spyware  in  a  public  execu¬ 
tion,”  he  says.  But  he’s  resigned  to  the 
need  for  antispyware  tools  for  the  fore¬ 
seeable  future.  “I’m  not  happy  that  I 
have  to  spend  money  for  licensing  to 
keep  my  machines  clean,”  he  says.  “But 
I  have  to  protect  my  systems  and  my 
users  from  this  stuff.”  O  57567 


MORE  ONLINE 

Survey  results:  To  view  the  complete  survey, 
visit  our  Web  site:  QuickLink  57800 

Anatomy  of  a  plague:  How  one  spyware  program 
serves  as  a  launching  pad  for  others  to  be  installed: 

QuickLink  a7390 
www.computerworld.com 


Antispyware  vendors  try  to 
identify  spyware  and  quan¬ 
tify  the  threat  it  poses 
based  on  characteristics 
such  as  whether  the  pro¬ 
gram  installs  itself  surrepti¬ 
tiously,  what  actions  it 
takes  and  how  difficult  it  is 
to  remove.  But  the  finer 
points  don’t  matter  to  com¬ 
panies  such  as  the  Phila¬ 
delphia  Stock  Exchange. 

It’s  all  unwanted  software, 
says  Gene  Peters,  director 
of  information  services, 
and  he  has  taken  steps  to 
ensure  that  none  of  it  gets 
onto  his  users'  machines. 

“We’re  using  group  poli¬ 
cies  to  the  fullest  extent  of 
the  law,”  says  Peters,  not¬ 
ing  that  desktops  can’t  run 
some  ActiveX  controls  and 
users  don’t  have  rights  to 
install  applications  or  make 
registry  changes.  Users 
can’t  even  install  browser 


plug-ins.  “We  standardize 
on  a  machine,  and  that  in¬ 
cludes  a  lot  of  the  common 
tools  like  Flash,"  Peters 
says.  If  users  want  some¬ 
thing  else,  they  must  ask. 
Peters  also  deploys  a  lay¬ 
ered  defense  on  desktops, 
e-mail  servers  and  the  net¬ 
work  perimeter.  “We  do 
Web  filtering,  and  we  have 
various  degrees  of  antivirus, 
and  they're  getting  smarter 
[about  spyware],”  he  says. 

Another  approach  is  to 
use  endpoint  security 
products  such  as  Secure- 
Wave  SA’s  Sanctuary  Ap¬ 
plication  Control.  That 
product  creates  a  white 
list  of  approved  applica¬ 
tions  and  blocks  others 
from  executing. 

Start-up  Bit9  Inc.  in 
Cambridge,  Mass.,  takes  a 
slightly  different  tack.  Its 
Parity  product  tracks  all 


programs  and  creates  a 
“gray  list”  of  unknown  ex¬ 
ecutables.  Administrators 
can  set  policies  by  user  or 
group  that  can  allow  exe¬ 
cution,  stop  the  program  ‘ki -r\ 
from  executing  until  the  '$$$; 
administrator  reviews  and  7 
approves  it,  or  allow  the 
application  to  run  but  issue 
a  “silent  alarm”  to  the  ad- 
:  ministrator. 

“If  you  can  lock  [the  PC] 
down  so  the  new  stuff  can’t 
run  to  begin  with,  you  won’t 
have  much  of  a  cleanup  at 
all,”  says  Todd  Brennan, 
chief  technology  officer  at: 

Bit9.  By  focusing  on  all  it 
wanted  programs;  org< 
zations  sidestep  the  isi^. 
of  specifically  identifying 
spyware  and  malware. 

“Endpoint  security  is 
very  hot,"  says  Gartner 
alyst  John  Pescatore  “ 
there’s  a  drawback:  Asv 
antivirus  and  antispy 
tools,  client  software 
be  installed  on  each.c 
top.  “You  talk  to  it  m 
agers  and  they  groan; 
you  tell  them  they  need-, 
other  endpoint  secUf|y0  r 
system,”  Pescatore  se^s.  - 
- Robert L 


of  those  surveyed 
use  enterprise- 
class  antispyware 
products. 

% 


using  enterprise- 
class  antispy¬ 
ware  products 
are  researching, 
evaluating  or 
piloting 
products. 


of  those  not 
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Redefining 


Better  energy  management 
could  lead  to  cooler  data 
centers  that  consume 
50%  less  power,  says 
HP’s  Chanarakant  Patel. 


COOL 


As  compute  density  has  increased,  tem¬ 
peratures  have  been  rising  in  the  data 
center.  Hewlett-Packard  Co.’s  “Cool 
Team’’  is  working  on  innovative  ways  to 
dissipate  the  heat.  Lab  inventions  range 
from  ink-jet  pumps  that  spray  coolant 
on  hot  chips  to  more  efficient  designs  for 
computer  room  air-conditioning  sys¬ 
tems.  Cool  Team  founder  CHANDRAKANT 
PATEL  spoke  with  Computerworld’s 
Robert  L.  Mitchell  about  how 
current  research  is  making  for 
cooler  data  centers. 

What  is  the  Cool  Team?  It  is  a 

community  of  engineers  across 
HP  founded  in  1996.  The  idea 
was  to  create  a  virtual  team  that 
can  apprise  each  other  of  the 
challenges  ahead  and  funnel  re¬ 
search  ideas  and  technologies  at  HP 
Labs  out  to  the  divisions. 

What  research  are  you  pursuing  with  regard 
to  data  center  cooling  issues?  The  data 
center  is  the  next  challenge.  The  ag¬ 
gregation  of  high-density,  commodity 
servers  in  data  centers  will  cause  a 
problem  from  a  management  point  of 
view.  It’s  akin  to  cooling  a  system  en¬ 
closure,  but  now  the  enclosure  is  the 
data  center,  with  the  walls  of  the  data 
center  being  the  walls  of  the  enclosure. 

Fifty  percent  of  the  cost  of  a  data 
center  is  associated  with  what  I  call 
burdened  cost  of  power,  which  is  all 
of  this  expensive  power  and  cooling 
equipment  that  is  needed  to  support 
the  computers. 

How  big  of  a  burden  is  that  in  actual  dollars? 

Let’s  say  you  have  100  racks  of  servers. 
Each  rack  is  on  the  order  of  12  to  13 
kilowatts,  [and]  the  power  required  by 
the  servers  is  1.3  megawatts.  The  pow¬ 
er  required  by  the  cooling  resources  to 
remove  that  heat  generated  is  almost 


equal  to  that  dissipated  by  the  servers. 
So  the  air  conditioning  will  take  anoth¬ 
er  1.3  kilowatts  of  power.  If  you  look  at 
the  cost  of  electricity  today,  1.3  mega¬ 
watts  at  10  cents  a  kilowatt-hour  at 
24/7  operation  is  $1.2  million  per  year. 
This  is  quite  significant. 

What  we’ve  said  is,  “OK,  how  do  I 
reduce  that  by  half?”  If  you  can  pro¬ 
vide  products  and  services  which  [do 
that  and]  have  a  payback  of  one 
year,  that’s  a  very  compelling 
proposition. 

How  do  you  do  that?  We  look  at 
the  layout  of  the  air  condition¬ 
ing  and  we  run  a  fluid-dynamics 
model.  For  this  fixed  distribu¬ 
tion  of  AC  resources,  how 
should  the  customer  lay  out  the 
racks  and  the  vent  tiles,  and  how 
should  they  lay  out  their  exhaust  air? 
How  do  they  do  that  minimally,  with¬ 
out  impacting  the  data  center?  We  be¬ 
lieve  we  can  get  25%  savings. 

Where  does  the  other  25%  come  from? 

In  order  to  get  energy  savings,  we  can 
minimize  the  thermodynamic  work. 

By  that  we  mean,  how  do  we  make 
sure  the  compressor  doesn’t  work  too 
much?  How  do  we  use  sophisticated 
refrigeration  systems  that  have  the 
ability  to  change  capacity,  and  how  do 
we  change  the  air  flow? 

We  can  add  this  flexibility  fairly 
easily.  That’s  needed  to  do  dynamic, 
smart  air  conditioning. 

Isn’t  retrofitting  the  air-handling  system  ex¬ 
pensive?  It  doesn’t  mean  you  have  to 
chuck  out  the  air  conditioner.  You  add 
the  capability  to  change  flow  and  tem¬ 
perature. 

What  else  is  required?  In  a  data  center, 
[having  just]  one  thermostat  won’t 


work.  In  order  to  determine  the  need, 
we  need  a  rich  sensing  environment.  I 
have  to  give  you  x  volume,  x  cubic  me¬ 
ters  of  air  at  75  degrees  Fahrenheit,  for 
example.  I  don’t  want  to  give  you  any 
more  —  I  don’t  want  to  give  you  it  at  a 
lower  temperature. 

Ideally,  I  want  sensors  on  the  inlet  of 
every  server.  That’s  not  readily  avail¬ 
able,  so  we  can  get  a  robot  with  a  sen¬ 
sor  on  it  and  make  it  go  along  the 
aisles  autonomously,  with  a  wireless 
device  to  send  us  the  information 
wirelessly. 

We  have  created  algorithms  that 
sense  those  points  and  send  out  new 
settings  to  the  air  conditioners.  Based 
on  that,  the  air  conditioners  change 
their  capacity,  and  that  gives  us 
demonstrated  savings  of  50%  in  our 
data  center  here  in  Palo  Alto. 

Why  use  a  robot?  I  can  provision  the 
flow  and  temperature  based  on  the 
needs  of  the  rack,  and  the  robot  is  a 
means  to  that  end.  I  would  like  to  un¬ 
derstand  what  is  the  tem-  _ 

perature  in  the  aisles,  and 
it’s  very  hard  to  correlate 
that.  The  environment  in 
the  data  center  is  so  com¬ 
plex  that  there  is  no  linear 
correlation  between  tem¬ 
perature  at  a  given  location  and  the 
[server  air]  inlet.  The  robot  can  be  sent 
out  to  get  fine-grained  measurements 
in  the  aisles. 

How  will  the  systems  HP  builds  change  to 
run  cooler?  In  the  future,  systems  will 
have  the  ability  to  change  power  set¬ 
tings  —  not  only  cooling,  but  power. 
Processors  will  have  voltage  frequency 
scanning,  where  there  will  be  various 
power  states.  That’s  flexibility  I  can  ex¬ 
ploit.  If  an  AC  unit  fails,  why  don’t  I 
ask  a  given  region  in  the  data  center  to 


MORE  FROM  PATEL 

For  more  of  the  Chandrakant 
Patel  interview,  see: 

O  Quicklink  57613 
www.computerworld.com 


TITLE:  Distinguished  technologist 

COMPANY:  Hewlett-Packard 
Laboratories 

LOCATION:  Palo  Alto,  Calif. 

ACCOMPLISHMENTS:  Patel  is in¬ 
volved  in  thermomechanical  research 
that  ranges  from  the  microprocessor 
to  the  data  center.  He  founded  the 
thermal  technology  research  program, 
formed  HP’s  Cool  Team  and  led  cooling 
and  packaging  research  efforts  for  the 
development  of  the  Itanium  processor. 
Patel  has  been  granted  51  U.S.  patents 
in  the  area  of  electronics  cooling.  He 
is  a  senior  member  of  the  IEEE  and 
holds  a  master  of  science  degree  in 
mechanical  engineering  from  San 
Jose  State  University. 


scale  its  power  down  instead  of  having 
excessive  redundancy,  which  costs  me 
a  lot  of  money?  We  call  that  smart  re¬ 
dundancy. 

We  have  the  ability  to  migrate  com¬ 
pute  workloads  from  one  machine  to 
another  in  the  data  center.  I  want  to 
use  every  flexibility,  from  moving 
workloads  to  scaling  power  down  to 
scaling  air  conditioning.  All  of  this  can 
be  done  quite  easily. 

What  else  are  you  working  on  to  make  data 
centers  more  efficient?  If  you  have  to 

place  a  workload  in  a  mix  of  data  cen¬ 
ters  around  the  world.  I’d  like  to  pick 
the  right  data  center  in  the  right  part  of 
-  the  world  in  the  right  ambi¬ 
ent  temperature.  If  New 
Delhi  is  sitting  at  45  degrees 
centigrade,  Phoenix  might 
be  sitting  at  20  degrees.  So  I 
might  choose  to  put  all  of 
my  workloads  in  Phoenix 
because  my  compressors  don’t  have  to 
work  as  hard.  Then,  inside  the  data 
center,  I’d  like  to  put  the  workload  on  a 
given  row  in  a  given  rack,  in  a  given 
system,  in  a  given  board,  on  a  given 
processor,  in  a  given  core.  I  want  that 
flexibility  of  cooling  at  the  global  level. 


When  will  these  technologies  be  available? 

The  static  provisioning  is  already  out 
there.  All  of  these  other  things,  we  are 
now  deploying  in  internal  data  centers. 
I  foresee  this  happening  in  customer 
sites  in  a  year  or  two  years.  O  57258 


Simplify  your  I.  T.  and  your  business.  IBM  servers  and  storage  are  designed  to 
help  you  do  just  that.  Take  the  IBM  Total Sto rag em  DS4100  Express  with 
DACstore.  It  can  help  you  reconfigure  or  add  capacity  while  staying  up  and 
running.  No  need  to  stop  to  reset  drives. 

Because  with  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers, 
storage  and  printers.  What’s  more,  you  can  keep  your  technologies  current 
while  helping  to  reduce  costs  -  through  IBM  Global  Financing. 

All  things  considered,  an  I.  T.  hero  deserves  nothing  less. 


MEET  3  HEROES  IN  THE  BATTLE  AGAINST  I.T.  COMPLEXITY. 
YOU’RE  THE  4TH. 


IBM  TotalStorage  DS4100  Express 

Ships  with  1.25TB1 

DACstore  for  configuration  metadata 
3.5TB  with  1  controller;  28TB  with  2' 

Limited  warranty:  1  year  on-site2 

From  $7,349* 

(Other  configurations  as  low  as  $6,599) 

IBM  Financing  Advantage 

Only  $206/mo.3 
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IBM  eServer  OpenPower  720  Express 

Built  on  IBM  POWER5™  technology 
and  tuned  for  Linux® 

2-  or  4-way  64-bit,  rack  or  tower  models 

Up  to  8GB  of  memory,  disk  capacity 
up  to  1.1TB1 _ 

Optional  Advanced  Virtualization  features 

DB2*  Express  Discover  CD 

Limited  warranty:  up  to  3  years  on-site2 
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IBM  TotalStorage  3580  Express 

Helps  protect  LTO™  investment 


Built  on  Ultrium™  3  technology 

Read/write  compatible  with  Ultrium  2  drives 
-  read  compatible  with  Ultrium  1  drives 


Up  to  800GB  cartridge  physical  capacity 
with  2:1  compression1 

Limited  warranty:  3  years  on-site2 


From  $5,850* 


From  $9,774* 

IBM  Financing  Advantage 

Only  $273/mo.3 


IBM  Financing  Advantage 

Only  $1 64/mo.3 


Learn  more  about 
our  full  range  of 
IBM  Express  products 
and  find  the 
IBM  Business  Partner 
near  you. 


. 

ibm.com/ 

systems/innovate2 

_ 


1  800-IBM-7777 

mention  104CE05A 


*AII  prices  stated  are  IBM's  estimated  retail  selling  prices  as  ot  September  13, 2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are 
subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  1.  Denotes  raw  storage  capacity. 
Usable  capacity  may  be  less.  2.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty 
is  available  only  for  selected  components.  3.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and 
government  customers  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  otter  provided  is  based  on  a  FMV  lease  of  36  monthly  payments.  Other 
restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  nolice.  IBM,  the  IBM  logo,  eServer, TotalStorage,  OpenPower,  P0WF.R5  and  DB2  are  trademarks  or  registered  trademarks 
of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  trademark  of  Linus  Torvalds  in  the  United  States  arid  other  countries.  LTO  arid  Ultrium  are  trademarks  of  Certance, 
HP  and  IBM  in  the  U.S.  arid  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  o(  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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DEFINITION 
Mean  time  between  failures  (MTBF)  and  the  related 
mean  time  to  failure  (MTTF)  are  measures  of 
hardware  reliability,  usually  expressed  in  hours. 
They  indicate  in  statistical  terms  the  working  life¬ 
time  of  a  given  component:  The  higher  the  figure, 
the  more  reliable  the  product. 


BY  RUSSELL  KAY 

IT’S  A  CRUEL  WORLD  OUt 
there  in  the  data  center. 
Nothing  lasts  forever,  espe¬ 
cially  not  mechanical  de¬ 
vices  with  fast-moving  parts, 
such  as  disk  drives  and  print¬ 
ers.  It  would  be  very  useful  if 
we  could  predict  when  some¬ 
thing  might  break  or,  at  the 
very  least,  determine  which  of 
two  similar  products  would  be 
less  likely  to  break  in  a  given 
period.  The  answer  is  MTBF, 
short  for  mean  time  between 
failures,  and  the  closely  relat¬ 
ed  MTTF,  short  for 
mean  time  to  failure.  b  • 
Both  are  measures  of  ■  I 
reliability  that  are  de¬ 
fined  statistically  as 
the  number  of  hours  a 
component,  assembly  or  sys¬ 
tem  will  operate  before  it  fails. 

MTTF  and  MTBF  are  some¬ 
times  used  interchangeably, 
but  they  are  in  fact  different. 
MTTF  refers  to  the  average 
(the  mean,  in  arithmetic 
terms)  time  until  a  component 
fails,  can’t  be  repaired  and 
must  therefore  be  replaced,  or 
until  the  operation  of  a  prod¬ 
uct,  process  or  design  is  dis¬ 
rupted.  MTBF  is  properly 
used  only  for  components  that 
can  be  repaired  and  returned 
to  service.  This  introduces  a 
couple  of  related  abbrevia¬ 
tions  occasionally  encoun¬ 
tered:  MTTR  (mean  time  to 
repair)  and,  less  common, 
MTTD  (mean  time  to  diag¬ 


nose).  With  those  notions  in 
mind,  we  could  say  that  MTBF 
=  MTTF  +  MTTD  +  MTTR. 

Calculating  MTBF 

MTBF  sounds  simple:  the  to¬ 
tal  time  measured  divided  by 
the  total  number  of  failures 
observed.  For  example,  let’s 
wring  out  a  new  generation  of 
2.5-in.  SCSI  enterprise  hard 
drives.  We  run  15,400  initial 
units  for  1,000  hours  each 
(thus  our  tests  take  a  little  less 
than  six  weeks),  and  we  find  11 
failures.  The  MTBF  is  (15,400 
x  1,000)  hours/ll,  or 
1.4  million  hours. 

(This  is  not  a  hypo¬ 
thetical  MTBF;  it  rep¬ 
resents  current  drive 
technology  in  2005.) 

What  does  this  calculation 
really  mean?  An  MTBF  of 
1.4  million  hours,  determined 
in  six  weeks  of  testing,  cer¬ 
tainly  doesn’t  say  we  can  ex¬ 
pect  an  individual  drive  to 
operate  for  159  years  before 
failing.  MTBF  is  a  statistical 
measure,  and  as  such,  it  can’t 
predict  anything  for  a  single 
unit.  We  can  use  that  MTBF 
rating  more  accurately,  how¬ 
ever,  to  calculate  that  if  we 
have  1,000  such  drives  operat¬ 
ing  continuously  in  a  data 
center,  we  can  expect  one  to 
fail  every  58  days  or  so,  for  a 
total  of  perhaps  19  failures 
in  three  years. 

The  MTBF  figure  for  a 
product  can  be  derived  from 


laboratory  testing,  actual  field 
failure  data  or  prediction 
models  such  as  MIL-HDBK- 
217  (the  Military  Handbook  for 
Reliability  Prediction  of  Elec¬ 
tronic  Equipment ,  published  by 
the  U.S.  Department  of  De¬ 
fense). 

MIL-HDBK-217  contains 
failure-rate  models  for  various 
parts  used  in  electronic  sys¬ 
tems,  such  as  integrated  cir¬ 
cuits,  transistors,  diodes,  resis¬ 
tors,  capacitors,  relays,  switch¬ 
es  and  connectors.  These  fail¬ 
ure-rate  models  are  based  on  a 
large  amount  of  Field  data  that 
was  analyzed  and  simplified 
by  the  Reliability  Analysis 
Center  and  Rome  Laboratory 
at  Griffiss  Air  Force  Base  in 
Rome,  N.Y.  (Instructions  for 
downloading  MIL-HDBK-217 
are  at  www.t-cubed.com/ 
faq_217.htm.)  ©  57773 

Kay  is  a  Computerworld  con¬ 
tributing  writer  in  Worcester ; 
Mass.  You  can  contact  him  at 
russkay@charter.net. 

RELATED  TERMS  AND  LINKS 

For  explanations  of  terms  related  to  MTBF, 
see:  QuickLink  57608 

For  a  list  of  related  links,  see: 

O  QuickLink  57609 

www.computerworld.com 

Are  there  technologies  or  issues  you’d  like 
to  learn  about  in  QuickStudy?  Send  your 
ideas  to  quickstudy@computerworld.com 

To  find  a  complete  archive  of  our 
QuickStudies,  go  online  to 

©computerworld.com/quickstudies 


INTO  THE  BATHTUB 


THE  DEFINITION  OF  MTBF 

uses  the  word  mean,  an 
arithmetic  average.  This  has 
led  some  people  to  interpret 
MTBF  as  the  time  (on  aver¬ 
age)  when  half  the  items  will 
fail.  That  might  be  the  case  if 
failure  occurs  at  a  constant 
rate  during  an  item’s  lifetime, 
and  in  fact  MTBF  makes  just 
this  assumption,  even  though 
it’s  rarely  the  case  in  the  real 
world. 

For  example,  many  elec¬ 
tronic  components  may  expe¬ 
rience  a  relatively  high  failure 
rate  in  their  first  few  hours 
of  operation  and  then  operate 
essentially  trouble-free  for 
very  long  periods  thereafter. 

Thus,  the  failure  rate  at 
any  point  in  time  depends  on 
the  overall  failure  profile  for 
that  system,  which  we  can 
express  as  the  probability  of 
failure  prior  to  a  specified 
time.  If  we  calculate  the  fail¬ 
ure  rate  for  ever-smaller  time 
intervals  during  the  projected 
life  span,  we  can  determine 
what’s  called  a  hazard  func¬ 
tion,  the  instantaneous  failure 
rate  at  any  point  in  time. 

It  turns  out  that  there’s  one 
failure  profile  shared  by  many 
mechanical  devices,  including 
especially  complex  systems  - 
think  of  an  automobile,  with 
its  thousands  of  parts.  This 
hazard  function  is  called  the 
“bathtub”  curve  because  of 
its  shape,  and  it’s  character¬ 
ized  by  three  distinct  phases: 


Early  on,  a  high  but  de¬ 
creasing  failure  rate,  some¬ 
times  called  infant  mortality. 

A  relatively  constant  fail¬ 
ure  rate,  basically  represent¬ 
ing  random  failures. 

Near  the  end  of  life,  an 
increasing  failure  rate  as  the 
product  wears  out. 

Think  of  a  new  car.  When 
you  first  get  it,  there  may  be  a 
number  of  items  that  need  fix¬ 
ing  either  because  of  improper 
installation  or  a  hidden  defect 
in  a  part.  (Since  these  are 
usually  covered  by  warranty, 
they’re  often  an  annoyance 
but  perhaps  not  a  major  prob¬ 
lem,  but  that’s  a  different  is¬ 
sue.)  After  the  newness  wears 
off,  while  the  car  is  still  rela¬ 
tively  young  and  doesn’t 
have  too  many  miles  on  it, 
it’s  rarely  out  of  commission; 
repair  bills  are  few  and  far 
between,  and  problems  are 
likely  to  be  caused  by  random 
events,  such  as  an  accident 
or  a  part  failure.  As  the  years 
and  mileage  mount,  however, 
a  number  of  parts  wear  out  - 
many  of  them,  such  as  brakes 
and  tires,  are  designed  to  last 
only  for  a  limited  period  and 
then  fail  or  wear  out.  At  this 
stage,  the  car  spends  more 
and  more  time  in  the  repair 
shop.  If  we  graph  the  inci¬ 
dence  of  failures  (repairs) 
against  time,  we  get  the 
characteristic  bathtub¬ 
shaped  curve. 

-  Russell  Kay 
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A  recent  study  of  companies  listed  on  NASDAQ  and  NYSE  found  that  companies  that  run  SAP  are  32% 
more  profitable  than  those  that  don’tf  Fact  is,  SAP®  software  solutions  make  businesses  of  all  sizes  more 


*Based  on  a  2005  Stratascope  Inc.  analysis  of  publicly  available  fiscal  results  of  all  non-financial  companies  listed  on  NASDAQ  and  NYSE. 
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Forecasting 
The  Big  One 

The  San  Francisco  Bay  region  has  a  25% 
chance  of  a  Magnitude  7  or  greater  earthquake 
in  the  next  20  years  and  a  roughly  1%  chance  of 
such  an  earthquake  each  year,  according  to  the 
“Virtual  California”  computer  simulation. 

The  Virtual  California  approach  to  earth¬ 
quake  forecasting  is  similar  to  the  computer 
models  used  for  weather  forecasting,  said 
John  Rundie,  director  of  the  Computational  Sci¬ 
ence  and  Engineering  Center  at  the  University 
of  California,  Dayis,  who  has  developed  the 
model  with  colleagues  from  the  Jet  Propulsion 
Laboratory  and  other  institutions.  An  earlier 


SOURCE:  UC  DAVIS  COMPUTATIONAL  SCIENCE  AND  ENGINEERING  CENTER 


effort  to  forecast  earthquake  hazards,  the  U.S. 
Geological  Survey’s  Working  Group  on  Califor¬ 
nia  Earthquake  Probabilities,  used  records  of 


past  earthquakes  to  calculate  the  probability  of 
future  ones. 

The  Virtual  California  model  includes  650 
segments  representing  the  major  fault  systems 
in  California,  including  the  San  Andreas  fault  re¬ 
sponsible  for  the  1906  San  Francisco  earth¬ 
quake.  The  simulation  takes  into  account  the 
gradual  movement  of  faults  and  how  they  inter¬ 
act  with  one  another. 

The  researchers  used  the  model  to  simulate 
40,000  years  of  earthquakes  in  California. 

They  found  almost  400  major  (Magnitude  7  or 


above)  earthquakes  at  an  average  interval  of 
101  years.  The  simulation  data  indicates  a  25% 
chance  of  another  such  earthquake  in  the  next 
20  years,  a  50%  chance  in  the  next  45  years 
and  a  75%  chance  by  2086. 

The  latest  work  is  published  in  Proceedings 
of  the  National  Academy  of  Sciences  of  the 
United  States  of  America.  ©  57587 


Spam  Incubators 

There  are  no  surprises  in  first  three  spots 
on  this  list  of  the  top  12  spam-relaying 
countries,  as  ranked  by  the  percentage  of 
the  world’s  spam  they  generate.  But  the 
figures  suggest  that  business  is  booming 
for  purveyors  of  unwanted  e-mail  in  France, 
Taiwan  and  Pakistan.  And  what's  Canada’s 
secret  for  squelching  spammers? 


L  2005) 

2004 

26.35% 

19.73% 

11-63% 

3.  China  (plus  Hong  Kong) 

15.7% 

&9% 

4.  France 

3.46% 

1.27% 

|  2.67% 

3.91% 

6.  Canada 

2.53% 

7.06% 

7.  Taiwan 

222 % 

0.86% 

2.21% 

1.04% 

9. Japan 

2.02% 

2.66% 

1.55% 

107% 

142% 

Not  available 

12.  Germany 

1.26% 

1.02% 

1868% 

18.1% 

SOURCE:  SOPHOS  PLC.  LYNNFIELD.  MASS.  OCT  13.  2005 


Long-Distance  Learning 
TotheWiMax 

In  U.S.  cities  and  suburbs,  high-speed  wireless 
Internet  connections  are  becoming  more  com¬ 
monplace,  making  “anytime,  anywhere  learning” 
for  students  a  viable  concept.  But  that  kind  of  ac¬ 
cess  and  the  opportunities  it  provides  aren’t  yet 
available  in  most  rural  areas. 

A  solution  is  in  sight,  however.  Atop  a  remote 
mountain  near  Missoula,  Mont.,  engineers  atthe 
GeorgiaTech  Research  Institute  (GTRI)  recently 
demonstrated  the  video  streaming,  Web  surfing 
and  e-mail  capabilities  of  WiMax  wireless  technol¬ 
ogy,  which  is  based  on  the  IEEE  802.16  standard. 

WiMax  is  a  set  of  standards  for  delivering  point- 
to-point,  as  well  as  point-to-multipoint,  wireless 
broadband  connectivity. 

In  rural  areas,  the  cost  to  lay  fiber  for  wired 
broadband  service  is  about  $200,000  or  more  per 
mile,  an  investment  that  communications  compa¬ 
nies  typically  don't  want  to  make  because  they 
can’t  recoup  their  money  within  several  years. 

“But  with  WiMax,  an  Internet  service  provider 
that  wants  to  reach  a  small  community  up  to  30 
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miles  away  can  set  up  a  wireless  link  forthousands 
;  of  dollars  ratherthan  hundreds  of  thousands,” 
says  Jeff  Evans,  a  GTRI  senior  research  engineer 
who  led  the  demo  team.  “You  can  quickly  provide 
a  long-haul  link  of  70Mbit/sec.  and  then  deploy 
a  local  WiMax  radio  to  provide  up  to  several 
megabits  per  second  to  each  home  in  the  area  - 
giving  you  DSL  speeds  at  a  reasonable  cost.” 

WiMax-capable  equipment  for  fixed-location 
connections  is  expected  to  be  readily  available  in 
the  market  by  the  end  of  this  year.  Meanwhile,  a 
nevMobile  WiMax  standard,  8Q2.16e,  is  expected 
in  late  2006,  with  compatible  equipment  available 
in  2007. 
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AT&T 

and 

MASTERCARD 


Can  your 
network 
reward 
loyalty? 


IMPROVE  CUSTOMER  RELATIONSHIPS.  When  MasterCard  wanted 
to  reward  cardholders  around  the  globe,  they  signed  up  with  the 
world’s  networking  company.  Now,  with  intelligent,  end-to-end 
networking  solutions  from  AT&T,  MasterCard  can  track  and 
deliver  customer  rewards  right  over  the  network.  As  a  result, 
MasterCard  can  help  banks  distribute  airline  tickets, 
merchandise,  gift  cards  and  financial  services  to  enable  increased 
activation  and  usage.  Not  to  mention  the  kind  of  customer 
loyalty  that  money  just  can’t  buy.  CAN  YOUR  NETWORK  DO  THIS? 


AT&T 

The  world's  networking  company^ 


To  find  out  how  AT&T’s  networking  solutions 
helped  MasterCard  transform  its  business,  go  to: 

att.com/rewarci 
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Making  the  Move 
From  IDS  to  IPS 


The  benefits  of  moving  from  an  intrusion- 
detection  system  to  inline  intrusion- 
prevention  technology  outweigh  the 
drawbacks.  By  Mathias  Thurman 


he  product  life-cycle 
management  project 
I  mentioned  in  my  last 
article  has  been  quiet  as 
the  project  management  team 
evaluates  everyone’s  input  to 
the  evaluation  documentation. 
I’m  taking  this  opportunity 
to  spin  up  a  project  to  move 
from  our  current  intrusion- 
detection  system  (IDS)  to  an 
intrusion-prevention 
system  (IPS). 

I’ve  been  contem¬ 
plating  this  for  a 
while  but  have  hesi¬ 
tated  because  once 
my  department 
places  a  device  inline 
with  other  network  gear,  we 
become  another  bump  in  the 
wire  and  have  certain  respon¬ 
sibilities  in  regards  to  network 
availability. 

IDS  vs.  IPS 

As  many  of  you  know,  an  IDS 
typically  sits  on  a  monitoring 
port,  sometimes  called  a 
SPAN  port  (in  the  Cisco 
world),  and  is  passive  by  na¬ 
ture.  The  IDS  device  sits  in 
promiscuous  mode  and  listens 
to  the  network  traffic  passing 
by,  and  when  something  ab¬ 
normal  occurs,  it  sends  alerts 
on  the  suspicious  activity  as 
defined  by  configured  rules. 

Take  that  same  IDS  sensor 
and  place  it  inline  so  that  all 
network  traffic  must  pass 
through  it,  and  you  have  an 
IPS.  So  basically,  an  IPS  is 
nothing  more  than  an  IDS  that 
has  some  additional  function¬ 
ality  and  is  positioned  in  a  dif¬ 
ferent  place  on  the  network. 
The  rules,  signatures,  alerts 
and  reporting  are  typically 
all  the  same.  Even  Snort,  the 
freely  available  IDS,  has  its 


own  term,  “Snort  inline,”  for 
what  is  essentially  intrusion 
prevention. 

My  reasoning  for  moving  to 
IPS  is  pretty  straightforward. 
Only  a  couple  of  people  report 
to  me,  and  they  are  bogged 
down  with  projects  and  daily 
security  activities.  I’d  like  to 
have  a  full-time  person  to 
monitor  the  IDS  and  respond 
to  events,  but  I  can’t 
afford  that.  Mean¬ 
while,  we  continue 
to  respond  to  worms 
and  other  suspicious 
activity  after  the 
fact,  either  placing 
rules  in  the  firewall 
or  visiting  all  the  affected 
desktops.  And  we  can’t  count 
on  our  antivirus  infrastructure 
either.  One  recent  worm, 
W32/PrsKey-A,  ran  rampant 
in  our  network  for  several 
days  before  our  antivirus  ven¬ 
dor  finally  produced  a  signa¬ 
ture,  and  that  happened  only 
after  we  sent  the  vendor  an 
infected  file  for  evaluation. 

As  an  aside,  we  were  able  to 
do  our  own  evaluation  of  the 
worm’s  code  and  its  impact. 
Through  that  evaluation,  we 
were  able  to  determine  the 
files  and  registry  settings  that 
the  worm  modified,  the  vector 
that  it  used  to  propagate  and 
the  ports  it  was  using  to  open 


Being  inline,  a  failed 
IPS  device  essentially 
blocks  traffic  from 
leaving  the  network. 


a  back  channel.  Creating  a  sig¬ 
nature  in  our  IDS  would  give 
us  the  ability  to  detect  the 
worm’s  presence,  but  unless 
we  were  willing  to  generate 
TCP  resets,  we  wouldn’t  be 
able  to  stop  the  worm  from 
propagating.  TCP  resets,  or 
“session  sniping,”  can  be  used 
within  an  IDS  to  stop  mali¬ 
cious  activity.  But  in  my  expe¬ 
rience,  they’re  a  dangerous 
proposition,  since  they  can 
easily  be  abused  and  can 
negatively  affect  the  perfor¬ 
mance  of  the  IDS.  An  IPS,  on 
the  other  hand,  being  inline, 
would  allow  us  to  place  spe¬ 
cific  rules  to  actually  block 
malicious  code. 

Enforcing,  Reporting 

In  addition  to  malicious-code 
mitigation,  an  IPS  can  assist 
in  the  enforcement  of  an 
acceptable-use  policy  (AUP). 
Currently,  our  AUP  bars  em¬ 
ployees  from  using  peer-to- 
peer  file-sharing  applications 
like  Napster,  Kazaa  and  Bit- 
Torrent.  We  also  have  policies 
against  tools  such  as  Skype,  a 
free  Internet  phone  service 
that  uses  a  ton  of  bandwidth. 

With  an  IDS,  we  can  detect 
the  use  of  these  applications, 
and  we  can  block  some  of  the 
associated  ports  and  destina¬ 
tions  on  our  firewall.  But 
some  of  the  tools  don’t  allow 
us  to  just  put  some  firewall 
rules  in  place  and  block  the 
application.  For  some  of  the 
applications,  we  need  to  in¬ 
spect  the  traffic  and  set  block¬ 
ing  rules  based  on  the  TCP/IP 
packet  payload  vs.  ports  and 
destinations. 

This  is  where  an  IPS  comes 
in  handy.  We  can  put  rules  in 
place  to  block  unauthorized 
applications,  and  we  can  col¬ 
lect  statistics  and  report  on 
how  much  traffic  is  caused 
by  unauthorized  applications. 
That  kind  of  data,  of  course, 
is  great  stuff  to  be  able  give 
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to  your  CIO.  CIOs  like  to  have 
in  hand  the  information  that, 
say,  60%  of  network  traffic 
is  related  to  AUP  violations. 
That  sort  of  thing  provides  for 
great  return  on  investment, 
which  is  always  a  challenge 
within  the  information  secu¬ 
rity  field. 

Of  course,  intrusion  preven¬ 
tion  isn’t  without  its  short¬ 
comings.  Being  inline,  a  failed 
IPS  device  essentially  blocks 
traffic  from  leaving  the  net¬ 
work.  Therefore,  it’s  impor¬ 
tant  that  we  choose  an  IPS 
that  has  the  ability  to  fail 
closed,  meaning  that  it  will 
let  traffic  pass  (closed  in  the 
sense  of  an  electronic  circuit 
—  I’m  an  engineer  at  heart). 
The  drawback  to  this,  from 
the  security  manager’s  point 
of  view,  is  that  you  would  have 
no  protection  from  malicious 
activity  if  a  failed  IPS  device 
allowed  all  traffic,  good  and 
bad,  to  pass. 

However,  sometimes  you 
have  to  bite  your  tongue  to 
appease  the  network  engi¬ 
neers  and  other  IT  depart¬ 
ment  heads.  I’m  willing  to 
take  the  risk  that  we  open 
ourselves  up  for  a  short  peri¬ 
od  of  time  rather  than  face  the 
loss  of  revenue  and  productiv¬ 
ity  that  would  result  if  thou¬ 
sands  of  employees  couldn’t 
do  their  jobs.  Nonetheless, 

I  reserve  the  right  to  change 
my  mind. 

We’re  looking  at  products 
from  Sunnyvale,  Calif. -based 
Juniper  Networks  Inc.  and  Co¬ 
lumbia,  Md.-based  Sourcefire 
Inc.  At  this  stage,  Juniper  is 
appealing,  since  we’re  already 
using  that  company’s  firewalls 
and  have  a  decent  support  re¬ 
lationship  with  it. 

As  an  added  benefit,  we 
may  be  able  to  get  away  with  a 
single  console  to  manage  both 
the  firewalls  and  the  IPS.  The 
last  thing  I  need  is  another 
management  console.  I 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  secu¬ 
rity  manager,  “Mathias  Thurman,”  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

©  computerworld.com/secjournal 
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Security  Bookshelf 

Gray  Hat  Hacking:  The  Ethical 
Hacker’s  Handbook,  by  Shon 
Harris,  Allen  Harper,  Chris 
Eagle,  Jonathan  Ness  and 
Michael  Lester  (McGraw-Hill 
Osborne  Media,  2004). 

After  an  interesting  chapter 
justifying  ethical  hacking  and 
another  on 
law,  the  au¬ 
thors  get  to 
the  meat  of 
this  hand¬ 
book,  de¬ 
scribing 
methodolo¬ 
gies,  tools 
and  tech¬ 
niques  for 
hacking.  Whether  the  hacking 
is  white-,  gray-  or  black-hat, 
the  techniques  and  tools  seem 
to  be  the  same.  It’s  how  you 
approach  the  task  that  differ¬ 
entiates  the  various  shades. 
The  only  part  I’d  criticize  is  the 
discussion  of  programming 
and  writing  hacking  exploits, 
which  assumes  that  the  reader 
has  previous  knowledge  of  the 
subject.  I  recommend  this 
book  to  anyone  responsible  for 
penetration  testing,  but  it’s 
also  a  good  read  for  general 
security  practitioners. 


i. 


-Mathias  Thurman 


Court  Stays  Order 
To  Shut  Down  Sites 

One  day  after  it  was  ordered  to 
disconnect  much  of  its  net¬ 
work  and  Web  sites  from  the 
Internet  because  of  IT  security 
concerns,  the  U.S.  Depart¬ 
ment  of  the  Interior  received 
an  administrative  stay  from 
the  U.S.  Court  of  Appeals  for 
the  District  of  Columbia  Cir¬ 
cuit.  Officials  from  the  depart¬ 
ment  had  asked  that  they  be 
allowed  to  temporarily  put  off 
complying  with  an  order  is¬ 
sued  Oct.  20  by  U.S.  District 
Court  Judge  Royce  C.  Lam- 
berth.  Lamberth  ruled  that  de¬ 
spite  attempts  to  improve  IT 
security  over  the  past  five 
years,  the  Interior  Department 
hadn’t  proved  that  its  systems 
are  secure  against  attacks 
that  could  let  outsiders  alter 
or  destroy  trust-fund  records 
kept  for  American  Indians. 
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»  Tired  of  cal  s  th  t  so  nd  like  th  s?  Want  cost  benefits  of  voice  over  If?  but  sick  of  delay  and 
dropped  data?  Try  Secure  and  Assured  VoIP,  only  from  Juniper  Networks.  Juniper  ensures  voice 
receives  higher  priority  and  bandwidth,  for  highest-quality  performance.  And  our  application-aware 
platforms  stop  hackers,  DoS  attacks  -  all  network  threats.  Expect  more  from  your  VoIP  Juniper 
your  net  and  get  unequalled  interoperability,  with  unrivaled  performance  and  security: 
http://www.juniper.net/solutions/voice/ 


888-JUNIPER  (1-888-586-4737) 


■  • 


38 


COMPUTERWORLD  October  31, 2005 


TECHNOLOGY 


www.computerworld.com 


BRIEFS 


Black  Duck  Offers 
ProtexlP  3.0 

■  Black  Duck  Software  Inc.  in 
Waltham,  Mass.,  released  Version 
3.0  of  its  ProtexlP  compliance 
management  software  suite.  The 
product  incorporates  enhanced 
capabilities  for  analyzing  propri¬ 
etary,  open-source  and  third- 
party  software  for  license  compli¬ 
ance  by  corporate  users,  accord¬ 
ing  to  the  company.  It  also  in¬ 
cludes  an  expanded  repository 
of  software  projects  and  license 
information,  as  well  as  a  string 
search  feature  that  lets  users  find 
keywords  or  phrases  in  the  target 
code  base.  ProtexIP/development 
Professional  Edition  starts  at 
$9,500;  the  Enterprise  Edition 
starts  at  $25,000. 


Nemx  Upgrades 
Security  Software 

■  Nemx  Software  Inc.  in  Ottawa 
has  released  Version  2.0  of 
SecurExchange.  It  includes  new 
enterprise  compliance  and  secure 
mail  capabilities,  giving  business¬ 
es  more  control  of  their  Microsoft 
Exchange  environments,  Nemx 
said.  New  features  include  real¬ 
time  monitoring  of  content  within 
message  attachments  and  the 
Concept  Builder  module,  which 
enables  organizations  to  create 
and  manage  acceptable-use  poli¬ 
cies.  Pricing  starts  at  $17  per 
user  for  100  users. 


EMC  Connectivity 
Monitor  Released 

■  EMC  Corp.’s  Smarts  division 
announced  Application  Connectiv¬ 
ity  Monitor  2.0,  which  is  designed 
to  automatically  discover  distrib¬ 
uted  TCP-based  applications  and 
monitor  them  for  availability.  It’s 
the  first  separate  release  of  the 
software,  which  EMC  gained 
when  it  acquired  System  Manage¬ 
ment  Arts  Inc.  in  February.  The 
new  version  improves  usability 
and  increases  the  number  of  soft¬ 
ware  checks  that  can  be  made, 
EMC  said.  The  price  is  $40,000 
to  monitor  100  servers,  and  $100 
for  each  additional  server. 
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OpenSolaris  Has  a 
Teg  Up  on  Linux 


IF  THERE’S  ONE  ASPECT  of  Linux  that  has  led  to 
its  popularity,  it’s  the  ability  of  suitably  enthused 
individuals  to  produce  their  own  distribution. 
That  feature  has  spawned  thousands  of  different 
solutions  and,  in  turn,  has  led  to  the  creation  of 
numerous  tools,  products  and  companies  that  have 
furthered  the  progress  of  Linux.  For  example,  the  Red 
Hat  Package  Manager  (RPM)  system  was  introduced  to 


help  install  the  packages 
that  make  up  Red  Hat  Inc.’s 
system.  Today,  most  Linux 
software  is  distributed  in 
RPM  format,  even  if  your 
system  isn’t  necessarily 
Red  Hat-based. 

The  distribution  model 
of  Linux  has  also  spawned 
many  companies:  Red  Hat, 

SUSE  (later  bought  by  Nov¬ 
ell)  and  others  that  would 
not  exist  without  Linux. 

What  made  all  of  this 
possible?  Well,  the  “free” 
part  of  open-source,  of  course.  Be¬ 
cause  we  can  use,  modify,  combine 
and  redistribute  different  products,  we 
can  easily  produce  a  distribution  that 
contains  the  elements  we  want.  Linux 
isn’t  really  an  operating  system;  tech¬ 
nically,  Linux  is  simply  the  kernel  that 
allows  other  bits  to  work.  The  Linux 
operating  system  is  really  a  distribu¬ 
tion  of  the  Linux  kernel  and  a  collec¬ 
tion  of  other  software  that  makes  it 
work  —  the  compiler,  file-system  utili¬ 
ties,  shells,  user  interfaces  and  so  on. 

Collectively  (and  technically  incor¬ 
rectly)  we  call  this  collection  “Linux.” 
This  incorrect  labeling  leads  to  a  se¬ 
ries  of  other  problems,  one  of  which  is 
the  generic  use  of  the  term  to  refer  to 
a  wide  range  of  operating  systems  that 
aren’t  always  compatible  with  one  an¬ 
other.  Minor  differences  in  applica¬ 
tions,  libraries  and  the  configuration 
of  the  systems  may  mean  that  precom¬ 


piled  software  (including 
many  commercial  applica¬ 
tions)  for  one  Linux  distri¬ 
bution  may  not  work  with 
another.  This  has  compli¬ 
cated  the  distribution  of 
software  —  a  critical  prob¬ 
lem  for  a  new  operating 
system  —  and  also  admin¬ 
istration,  as  skills  can’t 
always  be  easily  migrated 
because  of  the  differences 
between  the  distributions. 

The  Linux  Standard  Base 
(LSB)  project  is  addressing 
the  issue  of  incompatible  distributions. 
By  standardizing  on  the  components 
that  make  up  Linux,  LSB  will  improve 
software  compatibility  and  the  ability 
of  administrators  to  migrate  their  skills 
to  other  Linux-based  distributions. 

A  New  Alternative 

We  now  have  a  new  player  in  the  field: 
OpenSolaris.  Here  we  have  the  public, 
source-based  launch  of  an  operating 
system  with  a  great  history  of  com¬ 
mercial  development  and  deployment. 
Solaris,  the  source  of  the  OpenSolaris 
code,  has  a  large  existing  base  of  cus¬ 
tomers  that  use  the  operating  system 
in  everything  from  network  servers 
that  support  the  Internet  to  the  mas¬ 
sive  servers  that  produce  your  credit 
card  statements. 

Compared  with  most  operating  sys¬ 
tems,  Solaris  is  old.  And  while  you 
might  think  its  age  makes  it  unattrac- 
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tive,  from  a  business  perspective,  that 
history  makes  it  wise.  Solaris  has  a 
heritage  that  other  operating  systems, 
Linux  included,  can  only  dream  of.  So¬ 
laris  has  23  years  of  commercial  devel¬ 
opment  behind  it,  and  that  means  a 
dedicated  team  of  programmers,  not  a 
group  of  enthusiastic  volunteers. 
That’s  23  years  of  optimizing  and  im¬ 
proving  the  operating  system  —  years 
of  trials  and  tests  to  determine  the 
most  sensible  layout  of  files,  compo¬ 
nents  and  applications.  Solaris  is  a 
Unix  operating  system  with  a  standard 
set  of  rules  for  how  it  works. 

OpenSolaris  provides  the  same  flexi¬ 
bility  and  capability  to  produce  distrib¬ 
utions  that  we  have  with  Linux.  The 
creation  of  OpenSolaris-based  distribu¬ 
tions  has  already  started.  It’s  just  a  cou¬ 
ple  of  months  into  the  project,  and  al¬ 
ready  there  are  two  OpenSolaris-based 
distributions,  Schillix  and  BeleniX. 
OpenSolaris-based  distributions  are  al¬ 
ready  binary-compatible  with  existing 
Solaris  applications,  and  vice  versa. 

The  incompatibilities  between  dis¬ 
tributions  that  have  plagued  Linux 
for  so  long  aren’t  an  issue  with  Open¬ 
Solaris-based  distributions.  The  rea¬ 
son  is  simple:  A  Linux  distribution  is  a 
kernel  combined  with  other  tools,  but 
OpenSolaris  is  an  operating  system  in 
its  own  right;  it  doesn’t  need  addition¬ 
al  tools  to  make  it  work. 

For  Linux,  we’re  trying  to  push 
many  distributions  through  to  com¬ 
press  them  into  a  standard.  With 
OpenSolaris,  we  are  already  at  the 
small  end  of  standardization.  What 
will  follow  is  more  OpenSolaris  distri¬ 
butions  spreading  out  from  that  core. 

Only  time  will  tell  whether  the  ap¬ 
proach  will  work  for  Sun  and  Solaris 
in  the  long  run.  ©  57509 
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HP  ProLiant 
ML310G2  SERVER 
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Intel®  Pentium®4  Processor  (3GHz.  800MHz) 
1GB  Total  PC3200  DDR  ECC  SDRAM 
(2)  80GB  SATA  Hard  Drives' 

5U  Tower  with  optional  rack  kit 
Hardware  limited  warranty,  1-year  parts, 
1-year  labor,  1-year  next-business-day 
on-site  support 


HP  STORAGEWORKS  DAT  40 
USB  INTERNAL  TAPE  DRIVE 


Easily  connects  to  the  ML310  internal 
USB  port 

No  more  SCSI  interface  costs  or  complications 
Same  performance,  capacity  and  reliability  as 
DAT  40  SCSI 

Includes  HP's  exclusive  One-Button  Disaster 
Recovery  for  quick  server  restores 
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SUDDENLY  YOU  CAN  APPRECIATE 
MICROMANAGERS. 


Finally  a  micromanager  you  want  around:  the  powerful  and  reliable  HP  ProLiant  ML310  G2  server.  Loaded  with 
HP-developed  manageability  features  and  powered  by  the  Intel®  Pentium'"  4  Processor,  the  ML310  is  designed  to  minimize 
maintenance  and  maximize  productivity.  Just  pop  in  the  SmartStart  CD  to  walk  you  through  installation  and  get  your 
system  up  and  running.  HP  Systems  Insight  Manager  will  monitor  your  system  and  alert  you  to  potential  problems 
before  they  arise.  Then  leave  it  be— the  optional  remote  management2  tools  let  you  keep  track  of  your  server  no 
matter  where  you  are.  And,  for  a  fast,  easy  backup  solution,  bundle  it  with  the  all-new  HP  StorageWorks  DAT  40  USB 
internal  tape  drive.  Just  another  reliable  solution  from  the  HP  Smart  Office  Portfolio. 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SUPPORT 


Three-year  Care  Pack 

Add  three  years,  next-business-day  on-site  support  for  $199 

Visit  our  Web  site  to  download  a  free  guide: 

Getting  Started  with  HP  Systems  Insight  Manager. 

WiBM 


Call  1-888-291-0364 
Click  hp.com/go/ML330mag2 
Contact  your  local  reseller 


Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount,  are  good  while  supplies  last  and  are  available  from  HP  Direct 
and  participating  HP  resellers.  All  featured  offers  available  in  U.S.  only.  Savings  based  on  HP  published  list  price  of  configure-to-order  equwalent  ($1 .427  -  $358  instant  savings  =  $1 ,069).  Certain  warranty  restrictions  and  exclusions  may  apply.  For  complete  warranty  details,  call  1  -800-345-1 51 8  (U.S.).  1 .  For  hard 
drives,  GB=billion  bytes.  2.  Optional  Remote  Insight  Lights-Out  Edition  II  (RIL0E II).  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewlett  Packard  Development  Company,  L.P. 


Flexibility 

Don't  think  of  the  regulatory  requirements  demanded 
by  compliance  as  just  being  restrictive.  Centralizing 
control  over  business  rules  enables  your  lines  of 
business  to  be  more  responsive  to  the  demands  of  a 
changing  market.  With  IT  management  software  from 
CA,  you  can  effectively  define,  execute,  manage  and 
optimize  business  process  and  performance,  increasing 
the  agility  of  your  systems.  Over  95  percent  of  the 

Global  1000  rely  on  CA  software.  Learn  how  linking  '< 

business  processes  to  IT  resources  can  make  your 
enterprise  more  nimble  at  ca.com/compliance. 

Or  call  1-800-225-5224,  promo  code  1725. 
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Career  Watch 

Peter  Presland-Byrne  of  Countrywide  Financial 
Corp.  answers  readers’  questions  about 
certifications  and  training;  plus  stupid  interview 
questions,  top  books  IT  pros  are  reading  and 
what  makes  “millennials”  so  different.  Page  44 


BOOK  REVIEWS 

The  Human  Nature 
Of  Management 

Thomas  Hoffman  looks  at  recent  books  on 
leadership  and  the  people  side  of  business 
process  management,  as  well  as  a  “cheat 
sheet”  on  IT  project  management.  Page  46 


IT  SEEMED  a  reasonable  approach  at 
the  time.  Whenever  a  server  went 
down,  the  IT  operations  people  at  The 
Procter  &  Gamble  Co.  tried  to  figure 
out  why.  They  did  root-cause  analysis 
in  order  to  discover  the  origin  of  the 
problem  and  fix  it.  Then  they  brought 
the  server  back  up. 

Trouble  was,  users  had  to  cool  their 
heels  in  the  meantime,  losing 
e-mail  service  or  reporting 
capabilities  for  as  long  as  an 
hour.  But  now,  thanks  to 


Managers’  Forum 

Paul  Glen  offers  advice  on  how  to  fix  a 
project  with  too  many  sponsors  and 
what  to  do  about  the  manager  whose 
informal  adviser  seems  to  be  running 
the  show.  Page  48 


guidance  from  the  Information  Tech¬ 
nology  Infrastructure  Library  (ITIL), 
P&G  reboots  servers  immediately  and 
restores  service  within  minutes.  The 
root-cause  analysis  follows,  out  of 
view  of  users. 

“We  saw  a  large  decrease  in  the  time 
that  customers  were  waiting  for  ser¬ 
vices  to  come  back  up,”  says  Kevin 
McLaughlin,  security  system  manager 
at  P&G.  “With  ITIL,  we  might  have 
been  having  the  same  number  of  is¬ 
sues  initially,  but  [users]  didn’t  feel 
them  like  in  the  past.  It  helped  IT  pre¬ 
sent  a  better  face  to  the  customer.” 

Presenting  a  better  face  to  users  is 
at  the  heart  of  ITIL,  a  collection  of 
procedures  and  best  practices  for  IT 
services  management  and  operations. 

Developed  in  the  late  1980s  by  the 
British  government  and  popular  in 
Europe  throughout  the  ’90s,  ITIL  has 
more  recently  caught  fire  in  the  U.S. 
Although  there  are  alternatives,  ITIL 
is  becoming  the  tool  of  choice  for  stan¬ 
dardizing,  integrating  and  managing 
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MORETOCOME 


ITIL  is,  literally,  a  library.  Users  often  say  the  ITIL  books  provide 
the  “what"  but  not  the  “how”  of  IT  services  management.  Some 
ITIL  practitioners  like  that,  saying  they  want  guidelines  only,  not 
punishing  details  about  what  forms  to  fill  out  and  so  on.  But  oth¬ 
ers  say  they  wish  ITIL  left  a  bit  less  to  the  imagination. 

“ITIL  is  the  books,”  says  Brian  Childers,  a  member  of  the 
board  of  directors  of  the  ITSMF  coalition  of  ITIL  users  and  soft¬ 
ware  vendors.  “Then  you  have  to  cause  the  books  to  come  to 
life.  It  really  is  a  best-practice  framework.  It  says  you  should  do 
these  things,  but  it  doesn’t  say  exactly  how." 

ITIL,  now  in  its  second  version,  is  at  the  beginning  of  an 
18-month  “refresh"  by  the  U.K.  Office  of  Government  Commerce 
(OGC)  and  the  agency's  various  ITIL  “partners,”  such  as  the 
ITSMF. 

One  impetus  for  the  refresh,  says  Childers,  is  to  add  more 
implementation  detail  in  the  form  of  templates  that  would  speci¬ 
fy  which  information  to  record,  which  metrics  to  capture  and 
soon. 

Some  have  said  ITIL  doesn’t  clearly  tie  IT  processes  to  busi¬ 
ness  processes.  Here,  too,  it  appears  that  the  OGC  is  listening. 

In  August  the  agency  said,  “Our  overwhelming  driver  for  the  re¬ 
fresh  is  to  improve  the  usefulness  and  applicability  of  ITIL  in 
support  of  business  need  and  to  clarify  the  link  between  em¬ 
ployment  of  the  best  practices  and  business  benefits.” 

-  Gary  H.  Anthes 


HOT  COMPETING 


Jf  EARTHLINK 


CAPITAL  ONE  FINANCIAL  CORP. 


IT  service  delivery.  According  to  a  sur¬ 
vey  by  Cambridge,  Mass.-based  For¬ 
rester  Research  Inc.,  as  of  a  year  ago, 
12%  of  $1  billion  companies  had  adopt¬ 
ed  some  portion  of  ITIL,  and  one-third 
said  they  were  getting  started  on  ITIL 
or  were  considering  using  it. 

P&G  was  an  early  adopter  of  ITIL  in 
the  U.S.  six  years  ago.  The  company 
started  with  two  of  the  10  ITIL  compo¬ 
nents  —  incident  management  and 
configuration  management  —  and  has 
since  adopted  components  for  prob¬ 
lem  management,  change  management 
and  help  desk  management.  Along  the 
way,  P&G  outsourced  much  of  its  IT 
service  delivery  to  Hewlett-Packard 
Co.,  and  ITIL  practices  are  now  in 
place  at  both  companies. 

McLaughlin  says  HP’s  use  of  ITIL 
was  “one  of  the  factors  in  their  getting 
the  outsourcing  deal.” 

All  About  Risk 

Fifth  Third  Bank  in  Cincinnati  started 
with  ITIL’s  components  for  incident, 
change  and  configuration  management 
just  a  year  ago.  The  bank  considered 
other  quality  frameworks,  such  as  the 
audit-focused  Cobit  (Control  Objec¬ 
tives  for  Information  and  Related 
Technology),  as  well  as  operational 
standards  from  the  Federal  Financial 
Institutions  Examination  Council.  “We 


felt  that  for  what  we  wanted  to  accom¬ 
plish,  ITIL  fit  perfectly,”  says  Eric 
Strunk,  system  vice  president  for  ser¬ 
vice  management. 

At  the  time,  the  bank  had  separate 
change  processes  for  hardware,  soft¬ 
ware  and  infrastructure,  and  its  leader¬ 
ship  felt  ITIL  would  give  them  a  uni¬ 
fied  view  of  those,  Strunk  says. 

“We  made  30,000  changes  in  2004,” 
he  says.  “What  is  the  risk  and  impact  of 
a  change?  We  needed  a  better  way  of 
managing  that.  Being  a  bank,  we  are  all 
about  managing  risk.” 

The  bank  also  wanted  to  link  its 
processes  for  incident  and  change  man¬ 
agement  more  tightly  so  as  to  help  it 
pinpoint  the  causes  of  outages.  “It  al¬ 
lows  us  to  narrow  the  search  and  very 


quickly  get  the  right  people  to  [ana¬ 
lyze]  the  event,”  Strunk  says. 

He  says  the  bank  is  currently  devel¬ 
oping  metrics  to  help  it  measure  the 
benefits  of  its  investments  in  ITIL.  He 
hopes  to  plot  the  relationship  over 
time  of  change  volume  against  the  fre¬ 
quency  and  duration  of  outages.  “You 
can’t  prove  what  you  don’t  measure,” 
Strunk  says. 

ITIL  practitioners  say  that’s  a  key  to 
success  with  any  quality-improvement 
effort.  “As  soon  as  you  start,  get  met¬ 
rics  immediately,”  advises  Brian 
Childers,  a  member  of  the  board  of  di¬ 
rectors  of  IT  Service  Management  Fo¬ 
rum  USA  (ITSMF),  a  coalition  of  ITIL 
users  and  software  vendors.  “As  you 
get  down  the  road,  people  will  ask  you 


what  you’ve  been  doing  since  x  time, 
and  the  failure  to  capture  metrics  at 
the  very  beginning  makes  it  difficult  to 
answer  that  question.” 

Integrating  Excellence 

IT  operations  were  fragmented  at 
EarthLink  Inc.  two  years  ago  —  each  of 
the  company’s  service  areas  had  its 
own  processes  for  IT  service-level 
management.  “People  were  practicing 
good  process  for  particular  areas,”  says 
Willa  Fabian,  an  IT  vice  president  at 
the  Atlanta-based  Internet  services 
provider.  “But  there  was  no  way  to 
look  at  things  as  a  whole.” 

Paradoxically,  those  pockets  of  oper¬ 
ational  excellence  turned  out  to  be  a 
challenge  to  bringing  in  ITIL,  Fabian 
says.  “It’s  a  huge  cultural  change  to  say, 
‘I  know  you  are  practicing  good  proc¬ 
ess  in  your  particular  area,  but  now 
we  all  have  to  come  together  and  do  it 
one  way.’  ” 

EarthLink  was  able  to  head  off  much 
of  the  anticipated  resistance  by  having 
a  workshop  very  early  in  the  move  to 
ITIL  with  about  40  of  the  company’s 
“best  thinkers”  in  IT  engineering  and 
operations,  she  says. 

A  decision  to  embrace  ITIL  wasn’t 
dictated  by  a  senior  manager  but 
emerged  from  the  workshop  partici- 

Continued.  on  page  42 


DO  IT  RIGHT,  OR  ITIL  FAILS 


■  Start  small.  Don’t  tackle  more  than  two  or 
three  ITIL  components  at  one  time. 


■  Look  for  software  tools  to  automate 
ITIL  processes,  especially  those  that  hel 


i  Assess  your  current  practices  to  find  pain  change  management. 


■  Implement  incident  management -the  part 
most  visible  to  users  and  customers -early  on. 


■  Be  flexible.  Don't  be  “process  police." 


■  Get  key  personnel  on  board  early  with 
process  improvement  workshops  and 
[TIL  training. 


■  Recognize  that  ITIL  is  a  multiyear  effort. 


OUTSTANDING  ACHIEVEMENT 


Award-winning  products  have 
a  way  of  transforming  the  office. 
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All  the  productivity  you  want. 

All  the  document  security  you  need. 
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WHAT'S  NOT  TO  LIKE? 


ITIL  practitioners  say  that  ITIL  support  prod¬ 
ucts  have  made  important  advances  in 
recent  years  but  have  a  considerable  way 
to  go. 

Tom  Holmes,  vice  president  of  technology 
operations  at  JM  Family  Enterprises  inc.  in 
Deerfield  Beach,  Fla.,  says  the  tools  are  often 
rigid  and  difficult  to  tailor  to  specific  needs. 
And  the  ability  to  produce  ITIL-compliant 
performance  reports  “is  a  common  void  in 
most  support  tools,”  he  says.  “Producing  a 
useful  report  requires  an  export  of  ticket  data 
to  a  spreadsheet  or  a  third-party  database 
reporting  tool.  Both  options  increase  com¬ 
plexity,”  he  explains. 

“The  tools  are  still  in  their  infancy,”  says 
Kevin  McLaughlin,  security  system  manager 


i  todays  envi¬ 
ronment,  as 
security -conscious  as 
we  are  and  as  many 

attacks  as  companies 


more  at  the  forefront 


more  at  the  forefront,”  he  says. 

Willa  Fabian,  an  IT  vice  president  at  Earth- 
Link,  agrees.  “We  kind  of  had  tJmvent  our 
owBsecurity  management  implementation,” 
she  says.  “Even  today,  that’s  a  pretty  weak 
area.” 

Fabian  says  she’d  like  to  see  ITIL  include 
more  implementation  specifics,  “instead  of 
just,  ‘Release  management  is  a  good  thing,’ 
there  isn’t  really  alt  about  how  to  define  it  in 
an  operational  way  that  people  can  act  upon,” 
she  says. 

And  George  Spaulding,  a  consultant  at  ITIL 
consultancy  Pink  Elephant,  faults  ITIL  for  its 
weakness  in  knowledge  management. 

Many  ITIL  components,  such  as  service 
desklhcident  and  problem  management. 


at  Procter  &  Gamble.  He  says  it’s  easy  to  find  . .  require  a  historical  repository  of  incidents,  he 


KEVIN  MCLAUGHLIN, 
security  system  manager, 
Procter  &  Gamble 


a  tool  that  will  support  some  small  number  of 
ITIL  functions,  but  a  company  wishing  to  au¬ 
tomate  support  for  all  of  ITIL  will  require 
multiple  software  products. 

McLaughlin  says  ITIL  itself  is  weak  in  its  treatment  of  secu¬ 
rity.  “In  today’s  environment,  as  security-conscious  as  we  are 
and  as  many  attacks  as  companies  get,  security  should  be 


says.  But  ITIL  doesn’t  say  how  to  create  it, 
what  should  be  in  it  and  where  to  get  the  infor¬ 
mation.  “It’s  just  assumed  you’ll  have  a  knowl¬ 
edge  base  of  incidents,  with  resolution  and 
fixes,”  he  says.  “Many  of  the  ITIL  tools  have  knowledge  man¬ 
agement  built  in,  but  it’s  a  function  ITIL  doesn’t  really  address.” 

-  Gary  H.  Anthes 
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Continued  from  page  40 

pants.  “It  was  a  huge  change,  but  we 

could  always  tie  it  back  to,  ‘This  came 

from  your  recommendations,’  ”  Fabian 

says. 

After  the  workshop,  corporate-level 
“process  owners”  were  named  for 
each  major  ITIL  area  —  change  man¬ 
agement,  problem  management  and  so 
on  —  and  corresponding  subprocess 
owners  were  named  within  each  of 
EarthLink’s  service  departments.  As 
ITIL  was  rolled  out,  regular  meetings 
among  these  people  ensured  consis¬ 
tency  across  the  entire  company,  ac¬ 
cording  to  Fabian. 

Forrester  analyst  Jean-Pierre  Gar- 
bani  recommends  that  companies  take 
a  very  flexible  approach  to  ITIL.  Oth¬ 
erwise,  he  says,  ITIL  will  suffer  the 
same  fate  as  some  of  the  ideas  for  soft¬ 
ware  development  process  improve¬ 
ment  from  the  1980s.  “There  was  the 
creation  in  companies  of ‘process  po¬ 
lice,’  and  the  result  was  that  no  one  is 
using  those  process  improvement 
methodologies  anymore,”  he  says. 

Instead,  “send  a  couple  of  guys  to 
get  certified  and  use  them  as  resident 
experts,”  says  Garbani.  “Lead  a  couple 
of  seminars  to  initiate  the  company  to 
ITIL.  Make  sure  people  understand 
that  the  library  is  there  for  reference, 
and  use  it  as  a  source  of  education.” 


While  the  degree  to  which,  compa¬ 
nies  embrace  ITIL  varies  considerably, 
any  reasonably  rigorous  adoption  of 
ITIL  is  no  small  job.  Fifth  Third  Bank, 
whose  IT  budget  is  $250  million,  spent 
$1.2  million  in  the  first  year  to  imple¬ 
ment  three  ITIL  processes.  “We  still 
have  a  long  way  to  go,”  Strunk  says, 
adding  that  the  whole  thing  will  take 
three  to  five  years  total. 

Taking  Stock 

Most  ITIL  practitioners  say  it’s  essen¬ 
tial  to  do  a  thorough  self-assessment 
at  the  beginning,  both  to  pinpoint 
those  areas  most  in  need  of  improve¬ 
ment  and  to  establish  a  baseline  to 
measure  improvements  against. 

The  assessments  can  range  from  in¬ 
expensive  in-house  efforts,  based  on 
free  templates  from  the  ITSMF,  to  six- 
figure  consulting  engagements,  says 
Tom  Lydon,  service  desk  and  data  cen¬ 
ter  manager  at  Thomson  Legal  &  Reg¬ 
ulatory,  an  Eagan,  Minn.-based  unit  of 
The  Thomson  Corp.  that  provides  in¬ 
formation  services  to  professionals  in 
the  legal,  tax  and  accounting  fields, 
among  others. 

Lydon  says  ITIL  “foundation”  train¬ 
ing,  based  on  a  three-day  course,  got 
the  middle  tier  of  IT  managers  at 
Thomson  well  on  board.  But  that’s  not 
enough.  “One  of  the  things  we  strug¬ 


gle  with  is  we  have  to  continually  sell 
the  need  for  process  investments  up 
the  chain,”  he  says. 

Despite  the  difficulties,  George 
Spaulding,  executive  consultant  at 
Pink  Elephant,  a  Toronto-based  ITIL 
consultancy,  cautions  against  buying 
ITIL  support  software  right  away. 
“Tools  will  not  make  process;  they  will 
just  automate  your  existing  process,” 
he  says. 

Another  temptation  is  to  start  your 
ITIL  initiative  by  building  a  configura¬ 
tion  management  database.  The  data¬ 
base  is  “the  center,  the  one  place  where 
everything  in  ITIL  intersects,”  Spauld¬ 
ing  says.  But  he  suggests  that  you  hold 
off  if  you  don’t  have  one  already. 

“Wait  until  you  have  put  in  a  couple 
of  processes,  like  service  desk,  inci¬ 
dent  and  problem  [management],”  he 
says.  Why?  A  configuration  manage¬ 
ment  database  does  nothing  in  isola¬ 
tion;  it’s  useful  only  as  it  supports  oth¬ 
er  processes. 

Meanwhile,  P&G’s  McLaughlin  ad¬ 
vises  being  patient  and  persevering 
while  moving  to  ITIL.  “It’s  very  time- 
consuming  to  get  technologists  to  un¬ 
derstand  that  it’s  OK  to  reboot  a  serv¬ 
er  without  understanding  immediately 
why  it  went  down,”  he  says.  “There’s  a 
lot  of  retraining,  a  lot  of  cultural 
change.”  ©  57555 
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WHAT  MODELS  ARE  YOU  PUNKIN8  T0 
STANDARDIZE  6N  FOR  IT  OPERATIONS? 

ITIL  only  31% 

ITIL  and  ISO  9000  or  Six  Sigma  19% 

ITIL  and  Cobit  or  CMM 13% 

Six  Sigma  only  7%  I 
Cobit  only  4%  I 
CMM  only  3%  I 
ISO  9000  only  3%  I 
All  of  the  above  1%l 
None  of  the  above  19% 

BASE:  134  I  f  PROFESSIONALS 
SOURCE:  GARTNER  INC..  STAMFORD,  CONN., 

DECEMBER  2004 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s 
Information  Availability.  It’s  what  your  employees,  suppliers  and 
customers  demand  every  minute  of  every  day.  But  to  deliver  it 
flawlessly,  you  need  a  massive  global  infrastructure,  redundant 
systems  and  diverse  networks  being  monitored  and  supported 
by  skilled  technical  experts  at  secure  facilities.  That’s  exactly 
what  SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and 
save  your  company,  on  average,  25%*  versus  building  the 
infrastructure  yourself.  Plus,  it’s  a  vendor  neutral  solution  that 
lets  you  control  your  data, applications  and  network  while  giving 
you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving 
business  problems  and  less  time  solving  technical  problems. 


For  years,  companies  around  the  world  have  turned  to 
SunGard  to  restore  their  systems  when  something  went 
wrong.  So,  it’s  not  surprising  that  they’re  now  turning  to 
to  mitigate  risk  and  make  sure  they  never  go  down  in  the 
first  place. 

You  want  your  network  and  systems  to  always  be  up  and 
running.  We  want  the  same  thing.  Let’s  get  together.  To 
learn  more,  visit  www.availability.sungard.com  or  call 
1-800-468-7483. 


SUNGARD 

Availability  Services 


Keeping  People 
and  Information 
Connected ,™ 


'Potential  savings  based  on  IDC  White  Paper,  Ensuring  Information  Availability: 
Aligning  Customer  Needs  with  an  Optimal  Investment  Strategy. 
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Top  Reads 

We’ve  all  seen  the  polls  that  show  C++  and 
Java  to  be  in  great  demand  right  now.  So, 
what  are  IT  professionals  reading?  Appar¬ 
ently,  many  of  them  are  boning  up  on 
these  hot  skills.  The  top  five  books 
accessed  from  the  ITPro  section  of 
Books24x7.com  recently: 
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9  FIREFOX  SECRETS,  by  Cheah  Chu 
Yeow  (SitePoint,  2005) 


S  PROFESSIONAL  C++,  by  Nicholas  A. 
Sorter  and  Scott  J.  Kleper  (Wrox  Press, 
2005) 


B  WEB  STANDARDS  PROGRAMMER’S 
REFERENCE:  HTML,  CSS,  JAVA¬ 
SCRIPT,  PERL,  PYTHON,  AND  PHP, 

by  Steven  M.  Schafer  (Wrox  Press,  2005) 


■  BEGINNING  JAVASERVER  PAGES, 

by  Vivek  Chopra,  et  al.  (Wrox  Press,  2005) 

m  CCNA:  CISCO  CERTIFIED  NETWORK 
ASSOCIATE  STUDY  GUIDE,  5TH  EDI¬ 
TION.  by  Todd  Lammle  (Sybex,  2005) 
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Privacy 

Pioneer 


IBM  is  out  in  front  on  an  employment  issue. 
Reuters  reports  that  the  company  has 
pledged  not  to  use  genetic  data  to  screen 
employees  and  applicants  in  what  Reuters 
says  was  the  first  such  move  by  a  major  cor¬ 
poration  to  safeguard  a  new  category  of  pri¬ 
vacy.  IBM  also  said  it  would  refrain  from  us¬ 
ing  the  data  in  determining  eligibility  for 
health  care  or  benefits  plans.  The  pledge 
comes  as  Congress  debates  a  proposed  pri¬ 
vacy  bill  that  would  bar  health  insurers  and 
employers  from  discriminating  against  peo¬ 
ple  with  a  genetic  predisposition  to  disease. 


Number  of  available  tech  jobs 
posted  on  Dice.com  as  of  Sept.  30. 


I’D  BE  A  CHICKEN,  SO 
THAT  I  MIGHT  BECOME 
CHICKEN  SOUP 

Liz  Ryan  lays  into  some  “Stupid  Interview 
Questions”  in  a  Sept.  21  column  on  Business 
Week  Online.  Some  of  the  questions  are  obvi¬ 
ous  in  their  inanity  (“If  you  were  an  animal/a 
can  of  soup/some  other  random  object,  which 
one  would  you  be?”),  but  what  does  she  have 
against  “What  in  particular  interested  you  about 
our  company?"  Ryan  acknowledges  that  it’s  a 
reasonable  question  on  one  level,  but  she  says 
that  for  most  of  us,  “the  most  appealing  thing 
about  any  job  is  that  you  got  the  darned  inter¬ 
view.”  As  Ryan  writes,  “Come  on,  people!  There 
are  millions  of  thoughts  in  the  human  brain.  Can 
we  change  the  ones  we  use  in  job  interviews 
every  decade  or  so?” 


Ask  a 

Premier  100 
IT  Leader 


Peter 

Presland-Byrne 

i  TITLE:  Senior  vice 
president 


COvTLAriY:  Country¬ 
wide  Servicing  Systems  Develop¬ 
ment  unit,  Countrywide  Financial 
Corp.,  Calabasas,  Calif. 

Presland-Byrne  is  this  month’s 
guest  Premier  100  IT  Leader,  an¬ 
swering  readers'  questions  about 
certification,  choosing  course 
work  and  promoting  training.  If 
you  have  a  question  you’d  like  to 
pose  to  one  of  our  Premier  100  IT 
Leaders,  send  it  to  askaleader® 
computerworld.com,  and  watch 
for  this  column  each  month. 


There  is  so  much  to  learn,  and  so  little 
time.  I  am  a  Web  administrator.  What 
kinds  of  certificates  are  worthwhile? 

This  is  an  interesting  and  much-debated  top¬ 
ic.  Sometimes  certifications  help  during  the 
recruitment  process,  but  that  depends  on  the 
hiring  manager  and  the  requirements  for  the 
role.  All  I  can  do  is  speak  from  experience: 
When  I’m  selecting  candidates,  real-world  ex¬ 
perience  matters  significantly  more  than  certi¬ 
fications.  In  the  field  of  Web  administration,  I 
would  suspect  there  are  a  multitude  of  stan¬ 


dards  and  guidelines,  particularly  in  the  area 
of  security.  Web  site  security  skills  are  in  de¬ 
mand,  and  being  up  to  date  and  accredited  by 
a  recognized  body  would  be  beneficial.  [For 
more  on  certifications,  go  to  QuickLink 
56336.] 

I  am  majoring  in  data  communications 
and  information  systems.  I  have  three 
remaining  subjects:  Perl  programming, 
databases  and  project  management. 
Would  it  be  more  beneficial  to  substitute 
one  of  these  for  a  business  subject? 
Against  the  high-level  topics  of  databases  and 
project  management,  Perl  programming 
would  be  the  one  to  substitute.  I  remember 
learning  the  virtues  of  BBC  Model  B  Basic, 
and  I  can  honestly  say  I’ve  never  had  to  write 
a  single  business  application  using  it.  Howev¬ 
er,  if  Perl  programming  is  the  only  one  that  will 
educate  you  about  object-oriented  concepts 
and  design  considerations,  then  perhaps  you 
should  leave  it  on  your  schedule. 

How  can  I  convince  my  managers  that 
they  will  benefit  from  sending  employ¬ 
ees  to  training?  The  best  way  to  justify  any¬ 
thing  is  to  explain  what’s  in  it  for  others.  You 
have  to  explain  why  training  is  important  to 
your  managers,  and  you  need  to  provide  them 
with  materials  that  they  can  use  to  justify 
training  to  their  superiors.  Continuous  learning 
and  improvement  are  critical  parts  of  any 
organization.  IT  managers  should  look  at  IT 
projects  that  support  the  business  goals  and 
ensure  that  there  is  an  IT  strategy  in  place  that 
maps  out  the  achievement  of  those  goals,  in¬ 
cluding  having  the  proper  skills.  It’s  possible 
that  you  could  identify  a  real  gap  between  the 
strategy  and  the  organization’s  ability  to 
achieve  it.  ©  57478 
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Reality  Check 

Forrester  Research  Inc.  tries  to  make  sense  of  the  next  generation  of  IT  workers  in  a 
report  called  “Get  Ready  -  the  Millennial  Are  Coming!”  Millennial,  a.k.a.  the  Gener¬ 
ation  Y  cohort,  are  those  born  between  1980  and  2000,  and  Forrester  says  employ¬ 
ers  will  have  to  use  some  new  tactics  to  engage  them  in  their  jobs.  The  report  makes 
some  valid  points  in  comparing  baby  boomers  with  their  young  replacements  (for  ex¬ 
ample,  people  born  in  1980  became  familiar  with  computers  at  a  much  younger  age 
than  those  bom  in  1946),  and  it  uses  lots  of  statistics  to  back  up  its  conclusions,  in¬ 
cluding  the  following  chart  from  its  Consumer  Technographics  2005  North  American 
Benchmark  Study,  a  mail  survey  to  68,661  North  American  households. 


r 

1  strongly  agree  with  the  statement 

1 

“having  fun  is  the  whole  point  of  life,” 

AGE  18-34 

37% 

AGE  35-54 

I)  29% 

AGE  55+ 

■  19% 

L. _ _ 

a 

Question  to  Forrester:  If  this  same  question  had  been  asked  in  1971,  when  the 
oldest  boomers  were  turning  25,  how  different  would  the  responses  have  been? 
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'  COMPEitlflG  BUSINESS  CASE  FOB 
BENEVOLENCE  AND  compassion, 
OPTIMISM  AND  HOPE." 

the  foreword  o,  Daniel  Goleman 


RES  0  N  A  Nt 

leadership 


■  Resonant  Leadership,  by  Richard  Boyatzis 
and  Annie  McKee  (Harvard  Business 
School  Press,  286  pages,  $25.95). 

At  a  time  when  the  integrity 
of  corporate  leadership  has 
been  called  into  question 
after  the  accounting  scandals 
at  Enron  and  WorldCom,  American 
business  and  IT  managers  could  use  a 
few  heroes.  And  it’s  under  these  most 
uncertain  of  circumstances,  the  au¬ 
thors  tell  us,  that  “resonant  leaders  are 
stepping  up,  charting  paths  through 
unfamiliar  territory  and  inspiring  peo¬ 
ple  in  their  organizations,  institutions 
and  communities.” 

In  their  2002  best-seller.  Primal 
Leadership:  Realizing  the  Power  of  Emo¬ 
tional  Intelligence,  co-authored  with 
Daniel  Goleman,  Boyatzis  and  McKee 
explained  how  great  leaders  employ 
emotional  intelligence  to  build  solid 
relationships  with  those  around  them. 
Here,  the  authors  describe  how  leaders 
can  create  resonant  relationships  with 
other  business  managers  and  foster 
relationships  among  teams  in  the 
organization. 


Boyatzis  and  McKee  draw 
heavily  from  cognitive  psy¬ 
chology  and  other  social  sci¬ 
ences  to  underscore  just  what 

makes  great  leaders  and  what  - 

separates  them  from  ordinary 
people.  Much  of  their  focus  is  on  steps 
that  people  can  take  to  deliver  contin¬ 
uous  leadership  by  drawing  upon  the 
three  core  qualities  that  resonant  lead¬ 
ers  must  develop:  mindfulness,  hope 
and  compassion.  Among  their  recom¬ 
mendations  for  leaders  are  visualizing 
positive  and  realistic  outcomes  of 
strategies  and  making  the  effort  to  un¬ 
derstand  and  improve  working  condi¬ 
tions  or  situations  for  others. 

The  authors  use  effective  examples, 
such  as  the  hope  that  helped  Norwe¬ 
gian  biathlete  Ole  Einar  Bjoerndalen 
progress  from  a  good  athlete  to  one 
who  won  four  gold  medals  in  a  single 
Olympics  and  the  compassion  that 
Tom  Sharbaugh  exhibited  as  managing 
partner  and  chief  operating  officer  at 
Morgan,  Lewis  &  Bockius  LLP,  which 
motivated  other  lawyers  to  act  for  the 
greater  good  of  the  firm. 

This  is  a  good  read  for  anyone  who’s 
already  a  strong  leader  as  well  as  any¬ 
one  who  aspires  to  be  one.  Sometimes 
we  need  to  be  reminded  of  the  emo¬ 
tional  strength  that  helps  make  great 
people  great  leaders. 


BOOKM 

REVIEWS 


tend  to  focus  too  much  on  how 
systems  interact  with  one  an¬ 
other.  They  fail  to  adequately 
address  the  most  important 
aspect  of  business  processes: 
the  people  who  are  doing  the 
actual  work.  As  author  Peter  Fingar  has 
said,  “Processes  don’t  work;  people  do.” 

This  book  can  be  looked  upon  as  a 
template  for  how  to  work  on  BPM 
projects  from  a  people  perspective. 
Harrison-Broninski,  chief  technology 
officer  at  Role  Modelers  Ltd.  in  the 
U.K.,  does  a  nice  job  of  describing  how 
people  approach  their  work.  He  also 


interactions 


■  Human  Interactions:  The  Heart  and  Soul  of 
Business  Process  Management,  by  Keith 
Harrison-Broninski  (Meghan-Kiffer  Press, 
304  pages,  $39.95). 

aking  steps  to  optimize 
business  processes  and  inte¬ 
grate  them  more  effectively 
with  other  processes  across 
the  company  is  a  popular  pursuit  for 
many  organizations  in  search  of  effi¬ 
ciency  gains.  But  all  too  often,  project 
teams  that  are  involved  in  business 
process  management  (BPM)  efforts 


offers  steps  that  BPM  project  teams 
can  take  to  coordinate  the  three  legs 
that  support  the  BPM  stool:  people, 
processes  and  technology.  There  are 
sections  devoted  to  simple  but  critical 
topics  such  as  how  people  communi¬ 
cate  and  how  people  work  things  out. 

Although  the  book  feels  a  bit  too 
scientific  at  times,  the  underlying 
approach  provides  readers  and  prac¬ 
titioners  with  a  well-constructed 
methodology  for  managing  the  human 
elements  of  BPM. 


—  _ 
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■  How  to  Cheat  at  IT  Project  Management, 

by  Susan  Snedaker  and  Nets  Hoenig  (techni¬ 
cal  editor)  (Syngress  Publishing  Inc.,  576 
pages,  $44.95). 

OK,  I  HAVE  TO  ADMIT  that 
I  was  enamored  with  the 
title  of  this  book,  and 
who  wouldn’t  be?  Despite 
improvements  that  many  project  man¬ 
agement  teams  have  made  in  deliver¬ 
ing  IT  projects  over  the  past  few  years, 
including  the  evolution  of  project 
management  offices  to  centrally  co¬ 
ordinate  projects  and  enforce  the  use  of 
standard  project  management  method¬ 
ologies,  more  than  half  of  all  efforts 
continue  to  run  late,  overbudget  or 
out  of  scope. 

As  the  author  points  out,  this  book 
isn’t  intended  to  provide  readers  with 
an  exhaustive  look  at  IT  project  man¬ 
agement.  But  what  it  sets  out  to  do  — 
and  does  quite  well  —  is  offer  step-by- 
step  guidance  to  IT  project  managers 
on  how  to  improve  their  project  results. 

Snedaker,  founder  of  IT  and  busi¬ 
ness  consulting  firm  VirtualTeam 
Consulting  LLC,  does  a  thorough  job 
of  covering  important  project  issues 
from  beginning  to  end,  including  how 
to  define  projects,  create  a  project 
team,  and  organize  and  track  projects. 
She  also  devotes  a  fair  amount  of  space 
to  exploring  how  to  close  out  a  project, 
including  the  elements  that  should  be 
incorporated  in  the  performance 
reviews  of  project  team  members. 

What  I  like  most  about  the  book  is 
how  clearly  written  it  is.  Snedaker 
avoids  using  mind-numbing  project 
management  jargon  and  writes  in  an 
easy-to-follow,  almost  conversational 
style.  Also  useful  are  the  checklists 
and  FAQs  at  the  end  of  each  chapter. 
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I  hope  this  monthly 
column  will  provide 
a  lively  exchange 
of  ideas  with  IT 
managers.  I’ll  do  my 
best  to  answer  your 
questions,  and  if  you 
care  to  respond, 
we’ll  run  your  com¬ 
ments  alongside. 


PLEASE  SEND  YOUR  QUESTIONS,  : 
COMMENTS  AND  CRITIQUES  TO  ME  AT 

PGLEN@C2-CONSULTIN6.COM. 


!How  do  you  manage  your  sponsors 
when  you  have  three  different 
sponsors  who  have  varied,  often 
competing  views  of  where  a  project  should 

go?  If  you’ve  got  three  sponsors,  you 
don’t  have  a  sponsor.  It’s  like  saying 
you’ve  got  three  first  priorities.  Just  as 
there  can  be  only  one  first  priority, 
there  can  be  only  one  sponsor. 

In  your  case,  what  you  probably 
have,  in  fact,  is  a  disorganized  steer¬ 
ing  committee  that  never  meets  and 
doesn’t  have  anyone  in  charge.  As 
you’ve  already  figured  out,  that’s  not 
a  recipe  for  success.  It’s  the  makings 
for  gridlock,  politics  and  resistance. 

As  an  IT  person,  you’re  going  to  find 
it  rather  difficult  to  manage  the  com¬ 
peting  views  of  differing  business  peo¬ 
ple  with  different  interests. 

What  you  need  to  do  is  recruit  a  pri¬ 
mary  sponsor  from  the  business  side 
and  make  that  person  responsible  for 
forging  consensus  among  all  the  busi¬ 
ness  stakeholders.  Let  the  business 
people  work  together  to  debate  and 
balance  the  various  political  interests. 


They  are  in  a  better  position  than  you 
are  to  facilitate  these  important  politi¬ 
cal  situations. 

You  then  can  take  responsibility  for 
forging  the  consensus  among  the  tech¬ 
nical  stakeholders  (e.g.,  architecture, 
development,  quality  assurance,  de¬ 
ployment,  networking,  operations, 
project  management  office  and  sup¬ 
port)  and  coordinating  the  meetings 
among  the  technical  people.  Together, 
you  and  the  business  sponsor  can 
manage  the  negotiating  process  and 
work  on  gaining  agreement  on  goals, 
process,  product  and  constraints. 

M  jRH  I  have  a  situation  where  I  have  lost 
ill  pi  Pr°fess'onal  respect  for  my 

manager.  She  is  a  very  nice  person 
but  takes  advice  from  her  best  friend,  who  is 
another  manager  here.  We  can’t  implement 
any  policy  or  process  without  her  running  to 
her  friend  to  check  it  out.  It  appears  that  her 
friend  is  taking  advantage  of  this  by  doing 
whatever  he  wants.  Any  advice?  It  sounds 
like  you  have  at  least  three  problems 
here:  1)  your  manager’s  behavior,  2) 
your  manager’s  friend  taking  advan¬ 
tage  of  her  and  3)  your  loss  of  respect 
for  her. 

Let’s  dispense  with  the  easy  one 
first,  No.  2.  Forget  about  doing  any¬ 
thing  about  your  manager’s  friend 
unless  he’s  doing  something  patently 
illegal,  demonstrably  immoral  or 
dangerously  unethical.  If  he  is,  then 
consider  going  to  your  human  re¬ 
sources  representative  or  corporate 
counsel. 

As  for  No.  3,  try  to  cut  your  manager 
a  bit  of  slack.  She’s  probably  not  the 
bozo  that  you  think  that  she  is.  Being  a 
boss  is  a  tougher  and  lonelier  job  than 
you  probably  realize.  Resist  the  urge  to 


judge  her  so  quickly.  You’ll  always  have 
the  opportunity  to  do  that  later.  And  if 
you’re  going  to  be  of  help,  judging  will 
be  an  impediment. 

Now  for  the  tough  problem,  No.  1.  As 
for  your  manager’s  behavior,  it  would 
help  to  know  why  she  is  going  to  her 
friend  for  so  much  advice.  What  is 
driving  her  to  seek  out  such  detailed 
counsel?  Does  she  really  respect  the 
opinion  of  her  friend?  Is  she  afraid  of 
her  boss?  Is  she  new  to  her  job?  Is  she 
concerned  about  the  judgments  of  her 
subordinates?  Did  she  make  a  really 
bad  mistake  recently  that  she’s  eager  to 
avoid  repeating?  Is  she  up  for  a  major 
promotion  or  overly  cautious  by  na¬ 
ture?  For  some  reason,  she  probably 
feels  insecure  or  overly  tentative  about 
her  position,  her  knowledge  of  the  po¬ 
sition  or  her  political  strength. 

Chances  are  that  if  you  think  care¬ 
fully  about  the  situation,  she  has  some 
good  reason  for  feeling  and  acting  this 
way  and  is  using  her  friend  as  a  crutch. 

From  the  way  you  stated  your  ques¬ 
tion,  I’m  assuming  that  you  like  your 
boss,  harbor  no  ill  feelings  toward  her 
and  would  like  to  help  her  —  and  you 
—  to  be  successful. 

Once  you  come  up  with  a  reason¬ 
able  theory  about  what’s  driving  this 
behavior,  you’ll  be  in  a  better  position 
to  help. 

Your  goal  should  be  to  get  into 
the  loop  before  she  announces  any 
new  policies  she  and  her  friend  have 
dreamed  up.  You  want  to  become  her 
trusted  adviser.  You  may  not  be  able 
to  stop  her  from  seeking  advice  from 
her  friend,  but  you  may  be  able  to  be¬ 
come  a  better  source  of  help. 

But  you  can  do  this  only  if  you  really 
understand  why  your  manager  is  doing 
what  she’s  doing.  Next  time  she  comes 
up  with  one  of  these  new  policies  that 
you  feel  is  wrongheaded,  go  to  her  of¬ 
fice  and  initiate  a  private  conversation. 
Honestly  seek  to  better  understand  her 
thinking  behind  the  policy.  Don’t  issue 
any  objections  or  opinions.  Don’t  chal¬ 
lenge  her  or  be  aggressive  or  threaten¬ 
ing.  Just  ask  and  listen  carefully  and 
sympathetically. 

Once  you  get  an  answer  that  makes 
sense,  you’ll  be  in  a  position  to  demon¬ 
strate  your  understanding  of  and  em¬ 
pathy  for  her  challenges.  For  example, 
if  she  says  that  the  policy  is  meant  to 
avoid  miscommunication  between  de¬ 
partments,  you  can  ask  her,  “Is  this  a 
response  to  your  boss’s  recent  tirade 
over  the  missed  connection  between 
departments?” 

If  you  become  a  better  adviser  than 
her  friend  is,  you  may  be  able  to  save 
her  bacon,  and  yours.  O  57566 
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More  on  this 
topic: 

QuickLink 


More  on 

mainframe  skills 

Mainframes  are  where 
80%  of  the  data  is  in  big 
corporations.  In  a  few 
years,  who  will  keep  corporations 
alive  when  people  with  mainframe 
skills  retire?  Unix  and  Windows  are 
just  window  dressing 
for  large  companies. 
They  all  require  main¬ 
frames  to  stay  in  busi¬ 
ness.  You  should  en¬ 
courage  young  people 
to  look  at  MVS  and  CICS  and  Cobol. 
That’s  where  the  money  will  be  in 
seven  to  11  years.  -  K.F. 

Training  a  new  generation  of  people 
to  work  on  MVS,  CICS  and  Cobol  is 
not  as  simple  as  if  may  seem.  Most 

- 

early  training  in  a  university  setting. 
There,  professors  generally  teach 
introductory  courses  and  courses 
focused  on  their  research.  Although 
mainframe  systems  are  critical  to 
business  operations,  I’m  not  sure 
that  lots  of.  cutting-edge,  computer 
science  research  related  to  them  is 

oh  these  systems  becomes  appar¬ 
ent,  I’m  sure  that  a  cottage  industry 
of  trainers  and  programmers  eager 

arise.  -PAUL  GLEN 


I  enjoyed  your  article  re¬ 
garding  mainframe  pro¬ 
grammer/analysts  be¬ 
cause  I  am  one.  I’ve  been  worried 
about  my  job  future  for  some  time. 
Which  industries  need  mainframe 
people?  You  mentioned  banking, 
but  I  thought  recent  mergers  had 
resulted  in  a  lot  of  layoffs.  -  R.P. 

I’d  suggest  looking  for  large  com- 
I ;■!'>/:  il'o  ThT  vv  v 

automation  early,  like  financial  ser- 

/ 

Think  about  the  most  complex  early 
applications  or  those  that  have 
grown  in  complexity  over  the  years. 

. 

■ 
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these  organizations  still  run  their 

urv 

systems.  Good  luck.  -  PAUL  GLEN 
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Xtreme  is  looking  for  Computer 
Professionals  (multiple  open¬ 
ings)  having  Masters  Degree  or 
equivalent  in  CS,  MIS,  CIS, 
Math,  Tech,  Bus,  Engineering,  or 
related  up  to  two  years  of  expe¬ 
rience  in  information  technology 
area.  Responsible  for  architect, 
analysis,  design,  develops,  and 
implement  applications  and  sys¬ 
tems  using  various  applications 
and  tools  as  well  as  in  other 
computer  related  duties.  Must 
have  experience  in  any  one  of 
the  following  skills  sets: 

1.  Active  Directory  and  migrate 
users  from  NT  using  ADMT  tool, 
ARCserve,  Veritas  NetBackup, 
Oracle,  SQL  Server,  Bloomberg, 
Active  Directory,  Oracle  Forms/ 
Reports  6i,  Visual  Basic,  Unix, 
and  Windows  NT. 

2.  Oracle,  DB2,  CICS,  COBOL, 
MVS,  OS  390,  Test  Director,  Win 
Runner,  Load  Runner,  PVCS 
Tracker,  Developer  2000,  C++, 
Visual  Age,  Visual  Basic,  and 
Windows  NT. 

3.  Weblogic,  Apache,  Web  Ob¬ 
jects,  Oracle,  SAP,  SQL  Server, 
Forms6i,  Reports  6i,  Power¬ 
Builder,  Crystal  Reports,  Perl, 
Java  Script,  .Net,  Unix  and 
Windows  NT. 

4.  Java,  CORBA,  VC++,  ASP- 
Net,  Weblogic,  Apache,  JSP, 
IIS,  Oracle,  SQL  Server,  Clear 
Case,  CVS,  EJB,  Unix,  Linux 
and  Windows  NT/2000. 

5.  Object  Oriented  Programming 
and  Content  and  Document 
Management  Solutions  using 
Documentum  e-Content  server 
and  J2EE,  Weblogic,  Web 
Sphere,  Cold  Fusion,  Dream 
Weaver,  Oracle,  C#,  .Net 
Framework,  VC++,  Visual  Basic, 
Solaris,  and  Windows  NT/2000. 
(Requires  only  Masters  Degree 
with  no  experience). 

6.  Install,  configure,  administer, 
migrate  and  perform  other  relat¬ 
ed  DBA  activities  using  Apple 
Xserve,  XRaid  (LAN  to  WAN), 
UNIX  based  Mac  OS  X,  Mac  OS 
X  Open  Directory,  Active  Direc¬ 
tory,  LDAP,  File  Maker  Pro,  Shell 
Script,  Retrospect  Server,  BRU 
Server. 

7.  Coordinate  System  Analysis, 
Database  Design,  Coding,  Test¬ 
ing  and  Implementation  of  Orac¬ 
le  Application  on  Linux,  Unix  and 
Windows  NT/2000.  Install,  con¬ 
figure,  administer,  migrate  and 
perform  other  related  DBA  activ¬ 
ities  using  ERD,  DDL,  Erwin, 
Designer,  Oracle  Internet  Appli¬ 
cation  Server,  Weblogic,  Apa¬ 
che,  Tomcat,  Oracle,  SQL  Ser¬ 
ver,  ETL,  OLTP,  OLAP,  and 
RMAN. 

Will  provide  a  competitive  salary 
and  benefits.  Email  resume  to: 
careers@xtremews.com  or  mail 
to  Xtreme  Worldwide  Solutions 
Inc.,  76  Northeastern  Blvd., 
Suite  29  A,  Nashua,  NH  03062. 


Computer/Information  Systems 
Manager- York,  ME:  Informatic 
Technologies  Inc.  needs  exp. 
professionals,  for  multiple  open¬ 
ings,  to  plan,  direct,  coordinate 
activities  in  information  systems 
using  DB2,  Oracle,  Servlets, 
Java,  Weblogic,  Rational  Rose, 
Visual  SourceSafe,  JBuilder, 
Crystal  Reports,  streamline  the 
IT  process.  Competitive  salary 
with  benefits.  Please  send 
resume  to  -  Informatic 
Technologies  Inc.,  Meadow 
Brook  Plaza.  647  US  Rt  1,  Suite 
212.  PO  Box  2000,  York,  ME 
03909,  Attn.:  HR  Department. 


EDS  is  looking  for  an  Infra¬ 
structure  Specialist  for  its 
Philadelphia.  Pennsylvania  lo¬ 
cation  to  develop,  test  and  pro¬ 
vide  migration  support  for 
WebLogic  and  WebServers;. 
Requires  Bachelors  degree  in 
Electronic  Engineering  and 
two  (2)  years  of  experience  in 
installing,  configuring  and 
maintaining  Cluster  Server, 
UNIX  and  Volume  Manager.  To 
apply,  submit  resume  to  Leo 
Lampman,  Service  Delivery 
Executive,  EDS,  1500  Market 
Street.  Philadelphia,  PA 
19102;  in  reference  to  1117-J. 


Numbers  Only  is  looking  for 
Computer  Professionals  (multi¬ 
ple  openings)  having  Masters 
Degree  or  equivalent  in  CS, 
MIS,  CIS,  Math,  Tech,  Bus,  En¬ 
gineering,  or  related  with  up  to 
two  years  of  experience  in  infor¬ 
mation  technology  area.  Re¬ 
sponsible  for  architect,  analysis, 
design,  develops,  and  imple¬ 
ment  applications  and  systems 
using  various  applications  and 
tools  as  well  as  in  other  comput¬ 
er  related  duties.  Must  have 
experience  in  any  one  of  the  fol¬ 
lowing  skills  sets: 

1.  Oracle,  ADABAS,  DB2,  Infor- 
matica,  Powermart,  Erwin,  Bus¬ 
iness  Objects,  MQ  Series,  Java, 
TOAD,  VSS,  Solaris,  and  Win¬ 
dows  NT/2000  (Requires  only 
one  year  of  experience  for  this 
skill  set). 

2.  Struts  Framework  Technolo¬ 
gy,  Java,  J2EE,  Weblogic,  iPlan- 
et,  Jboss,  Oracle,  Sybase,  SQL 
Server,  LDAP,  C++,'  EJB,  ANT, 
JUnit,  Solaris  and  Windows  NT/ 
2000  (Requires  only  one  year  of 
experience  for  this  skill  set). 

3.  ERP  Applications  such  as  Or¬ 
acle  and  PeopieSoft,  PeopleSoft 
HRMS  Application,  Solaris,  Win¬ 
dows  NT/2000,  PeopleTools, 
PeopleCode,  SQR,  Crystal  Re¬ 
ports  (Requires  only  Masters 
Degree  with  no  experience). 

4.  ERP  Applications  such  as  Or¬ 
acle  and  Oracle  Financial  Appli¬ 
cation  and  modules  such  as  AR, 
OM,  GL,  AP,  Unix  Windows 
NT/2000,  Erwin,  SQL*Loader, 
Forms/Reports  6i,  Java,  and 
Shell  Scripts  (require  Bachelors 
or  equivalent  in  CS,  MIS,  CIS, 
Eng  (any  field),  Tech,  Bus, 
Accounting,  Commerce,  or  Math 
with  2  years  of  experience  in  the 
skills). 

5.  Develop  and  direct  Oracle 
testing  procedures,  program¬ 
ming  and  documentation.  Devel¬ 
op  technical  specifications  and 
design  policies,  procedure  and 
workflows  using  Interworld  Com¬ 
merce  Exchange,  Haht  Com¬ 
merce,  VB,  Java,  Broadvision, 
Unix,  and  Windows  NT/2000 
(require  Bachelors  or  equivalent 
in  CS,  MIS,  CIS,  Eng  (any  field), 
Tech,  Bus,  or  Math  with  2  years 
of  experience  in  the  skills). 

Will  provide  a  competitive  salary 
and  benefits.  Email  resume  to: 
resumes@numbersonly.com  or 
mail  to  Numbers  Only,  Inc.,  21 
Technology  Drive,  West  Leban¬ 
on,  NH  03784. 


Business  Analyst  needed  w/ 
Bach  in  Bus.  Admin,  or  Comp. 
Science  &  2  yrs  to  research, 
analyze  &  gather  business 
reqmts  of  comprehensive  client- 
server  trading  s/ware  applic. 
Test  &  implmt  s/ware  using 
Weblogic,  Jboss,  Java,  XML, 
SOAP,  Oracle,  MS  SQL  on 
Windows  &  Unix  platforms.  Plan 
&  perform  testing  using  Star 
Team  &  Test  Director  on  Win¬ 
dows.  Mail  resumes  to:  Triple 
Point  Technology,  Inc.,  301 
Riverside  Ave.,  Westport,  CT 
06880.  Job  loc:  Westport,  CT  or 
in  any  unanticipated  Iocs  in  US. 


Software  engineer:  Des¬ 
ign,  Develop,  install  su¬ 
pport  software  including 
GUI-based  applications, 
intergrate  financial  data 
banks.  Master  in  com¬ 
puter  science  plus  two 
years  experience  as 
software  engineer.  Send 
resume  to:  Robert  Hirt, 
Najarian  Loans,  Inc., 
3201  Danville  blvd.  Ste. 
195,  Alamo,  CA  94507. 


Research  Applications  Develop¬ 
er.  Chicago,  IL.  Responsible  for 
developing  a  series  of  scripts 
and  applications,  utilizing  Peri 
and  Sybase,  that  will  acquire 
various  types  of  raw  data  and  for 
loading  them  into  the  Research 
Applications  data  warehouse. 
Perform  database  administra¬ 
tion  to  include  daily  checkouts  to 
make  sure  that  data  has  been 
acquired,  cleansed,  and  upload¬ 
ed  into  the  RA  data  warehouse. 
Identify  new  sources  of  data, 
define  data  models  used  for 
internally  representing  data 
sources,  develop  scripts/proces¬ 
ses  for  acquiring  data,  and 
develop  additional  scripts/pro¬ 
cesses  for  cleansing  data. 
Identify,  model,  implement,  and 
store  any  type  of  preprocessing 
required  to  produce  derived 
analytic  data.  Responsible  for 
identifying  reporting  require¬ 
ments,  and  working  with  the 
business  response  team  to  help 
transition  knowledge  about  the 
various  reports  in  order  to  facili¬ 
tate  the  team’s  ability  to  support 
the  use  of  these  reports  in  our 
production  environment.  Will  uti¬ 
lize  C++  programming  lan¬ 
guage,  SQL,  XML  parsing  and 
UNIX  scripting. 

Qualifications  include  a  Master's 
degree  in  computer  science  or 
related  field.  Must  have  three  (3) 
years  of  relevant  experience. 
Must  have  experience  in  the  fol¬ 
lowing:  Perl  and  C++  program¬ 
ming  language;  Sybase  SQL; 
database  administration;  XML 
parsing;  and,  UNIX  background 
including  scripting. 

Qualified  candidates  should 
submit  a  cover  letter  and 
resume,  job  reference  R-0037, 
to  itjobs0037@citadelgroup.com. 
Principals  only  need  apply. 
CITADEL  IS  AN  EQUAL  OP¬ 
PORTUNITY  EMPLOYER. 


Programmers,  Software  Con¬ 
sultants,  Programmer  Analyst, 
DBAs,  Systems  Analyst,  En¬ 
gineering  Programmers,  and 
Software  Engineers:  MS  or  BS 
required  (foreign  equivalent 
accepted),  plus  1  to  2  years  of 
experience.  Will  accept  a  suit¬ 
able  combination  of  experi¬ 
ence,  training  and  education  in 
lieu  of  stated  education.  Travel 
and  Relocation  required.  Multi¬ 
ple  Openings  Available.  Con¬ 
tact:  Carla  Sridharan,  Everest 
Consulting  Group,  3840  Park 
Avenue,  Suite  203  Edison,  NJ 
08820.  REF:  ENJRIRS. 


Web  application  developer  for 
large  Las  Vegas  Internet-based 
business.  Design  and  develop 
software  applications;  develop 
and  maintain  comprehensive 
security  for  networks,  systems 
and  servers.  2-4  years  experi¬ 
ence  or  BS  or  higher,  preferably 
in  computer  science,  math  or 
electrical  engineering.  Expertise 
in  Cold  Fusion  MX  and  certifica¬ 
tion  as  ADVANCED  Cold  Fu¬ 
sion  MX  developer  highly  desir¬ 
able.  Fluent  English  a  must. 
Respond  to  eBizAutos,  10300 
W.  Charleston  Blvd.,  No.  13- 
120,  Las  Vegas,  NV  89135. 


Wood  Group  Pressure  Con¬ 
trol,  LP  seeks  Network  Engin¬ 
eer  I!  to  work  in  Houston,  TX. 
Coordinate  all  network  engi¬ 
neering  functions  to  ensure 
continuous  production  consis¬ 
tent  with  established  stan¬ 
dards  of  international  energy 
services  group.  Candidate 
must  have  Bachelor's  in  Com¬ 
puter  Science  and  2  yrs.  expe¬ 
rience  in  job  offered.  Submit 
resume  to  Melanie  Moore  at 
fax:  832-325-4296  or  mail  to 
3250  Briarpark  Dr.,  Ste.  100, 
Houston,  TX  77042.  Put  job 
code  NE1105  on  resume. 


Find  out  how  to  get  t\ 
your  job  search  and 


the  most  out  of 


Computerworld’s 
Careers  Knowledge 
Center 


SIS 


***■ rr 


Get  the  latest  industry  news,  as  well 
as  valuable  job-  seeking  and  career 
enhancement  advice. 


Read  about  IT-related  issues  such  as: 

-  Hiring/recruiting 

-  Education/training 

-  Consulting/contracting 

-  Skills 


Remember,  knowledge  is  power, 
and  the  Careers  Knowledge  Center 
is  the  place  to  get  it! 


Go  to  www.computerworld.com  today. 
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Lead  IT  Engineer/ 
Computer  Information 
&  System  Manager. 

Yugma  is  seeking  a  highly  moti¬ 
vated  IT  manager  to  manage 
and  lead  high  performance 
embedded  multimedia  software 
project  for  ARM-based  architec¬ 
ture  in  Windows  CE  and  Linux, 
various  multimedial  file  formats 
and  transport  protocols  in  Min¬ 
neapolis.  Position  requires  a 
bachelor's  degree  or  equivalent 
degree  in  computer  science  or 
related  Computer  fields,  and 
minimum  of  five  years  of  work 
experience  working  with  the 
embedded  system.  Send  appli¬ 
cations  to:  Lingaraj,  Yugma,  Inc., 
fax  (952)400-5839.  No  phone 
calls  please. 


COMPUTER  PROGRAM¬ 
MER:  Writes,  tests  & 
maintains  computer  pro¬ 
grams  using  existing  soft¬ 
ware  to  implement  pro¬ 
grams  for  production, 
sales,  inventory  control  & 
accntg.  F/T.  Bachelor's 
degree.  No  exp  reqd.  Mail 
resume  to  K.  Yerganyan, 
Designed  By  Scorpio  Inc, 
3046  Rosslyn  St.,  LA,  CA 
90065. 


ATTENTION: 

Law  Firms 
IT  Consultants 
Staffing  Agencies 


Place  your 
Labor 

Certification  ads 
here! 

Are  you  frequently  placing 
legal/immigration 
advertisements? 

Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 


Call 

800-762-2977 


IT 


careers 


SOLA2000  INC.  needs  Sr. 
Software  engineer  with  exp. 
in  Cisco  Call  Manager, 
Unity  Express,  VOIP-SIP, 
MGCP/NCS,  H.323,  SS7, 
Softswitch,  Radius  &  billing 
servers,  TDM.  Database-SQL, 
Oracle  lOg.  Firewalls,  VPN,  data 
&  network  security,  netegrity 
siteminder.  Solaris,  Linux,  Bsd,  , 
shell  scripting.  Master's  degree 
in  CS  or  EE,  1-2  yrs  exp  req’d 
depending  upon  position,  we 
also  accept  any  suitable  combi¬ 
nation,  training  &  exp.  Travel 
and/or  relocation  required.  Attn: 
HR  Manager,  SOLA2000  INC.  1 
Austin  Ave,  Iselin,  NJ.  08830. 


Database  Administrator: 
Glass  Lewis  &  Co.  LLC. 
Optimize,  manage  & 
maintain  database  sys¬ 
tems.  Send  resume  to 
Director  of  IT,  575  Market 
Street,  16th  Floor,  San 
Francisco,  CA  94105  or 
fax  (415)  357-0200.  EOE. 


Ads  Placed  Weekly 


Didn’t  find  the  IT 
Career  Opportunity 
you  were  looking  for? 

Check  back  weekly  for 
fresh  job  listings  placed 
by  top  companies 
looking  for  skilled  IT 
professionals  like  you! 


IT 


careers 


800-762-2977 


Trustek,  Inc.  Consulting  firm  is 
seeking  Software  Engrs.  w/MS 
&  min.  1  yr.  exp  or  equiv.  &  Prog. 
Analysts  w/BS  &  3  yrs.  exp.  or 
equiv.  Travel/Relo  required  any¬ 
where  in  US. 

C,  C++,  NT,  UNIX.  Shell,  Sy¬ 
base,  .Net  Studio,  VB.Net,  ASP- 
Net,  SQL  Server,  JavaScript, 
VBScript,  CORBA,  ASP,  COM/ 
DCOM,  Crystal  Reports,  Archi¬ 
tecture,  Erwin,  Developer  2K, 
PL/SQL.  SQL'Plus,  Forms, 
Reports,  Designer  2K,  Modeling, 
Java,  JSP.  XML,  XSL,  J2EE, 
EJB,  WebSphere,  WebLogic, 
UML,  Rational  Rose,  JDK,  Data¬ 
warehousing,  ETL,  OLAP,  Infor- 
matica,  Cognos,  Brio,  Business 
Objects,  SUN.  Solaris,  HP-UX, 
Veritas,  EMC,  SAN,  OpenView, 
Oracle  Clinical,  ClinTrial,  SAS, 
FDA  regulations,  Validations, 
Oracle  Applications,  nQuery, 
PeopleTools,  PeopleCode,  Peo- 
pleSoft,  SAP  R/3,  SapScript, 
SmartScript,  IDocs,  ALE,  EDI, 
BASIS.  ABAP,  BW,  APO,  SEM, 
SCM,  ITS,  Adaytum,  Cognos 
Business  Suite. 

Applicant  should  also  have  exp. 
in  interface  w/hardware  &  soft¬ 
ware,  provide  functional  imple¬ 
mentation,  config.  train,  analyze, 
implement,  code,  test,  backup, 
install,  manage,  customize,  tun¬ 
ing,  AS-IS  study,  Internet/Intra¬ 
net  applications,  stored  proce¬ 
dures.  triggers  Create  database 
tools,  tables,  files,  roles,  index¬ 
es,  space  management  and  re¬ 
organize.  Apply  w/resumes  to 
Attn:  Recruiter,  6  Kilmer  Road, 
Suite  Q,  Edison,  NJ  08817. 


Software  Engineer 
(Parlin,  NJ) 

IT  consulting  comp  for  its  clients 
nationwide  seeks  software  engi¬ 
neers  with  M  S.  and  2  yr  of  exp 
or  B.S.  and  5  yr  of  progressive 
exp  in: 

•  Java/J2EE  tech.  Also,  req.  at 
least  2  yrs  exp.  in  fin  appl  w /  adv 
Java  Imaging  tech.  incl.  JAI  API, 
Snowbound  Raster  Master  Java 
Imaging  Toolkit,  Java  Encryption 
and  Cryptography  and  XML  on 
Oracle  and  SQL  db  environ. 

•  Analysis,  des,  dev  and  deploy¬ 
ment  of  fin  s/w  sys  w /  adv  graph¬ 
ic  utilities  for  customer  specific 
data  analysis,  data  visualization 
with  3D  graphical  images,  gen¬ 
eration  of  highly  customizable 
reports  and  secured  web  ser¬ 
vices  using  NET  tech,  VC++. 
TGS  Open  Inventor  Graphics 
Library,  Inter  and  Intra  Process 
Comm,  SOAP,  XML,  XSL,  SQL 
Server  and  SQL  Reporting 
Services. 

Systems  Administrators  w /  exp 
in  Unix  &  Web  Appl.  Server 
Admn  for  providing  supp  in  pro¬ 
duction,  dev,  testing  and  staging 
environ. 

Send  resume  to:  HR,  Resource 
Logistics  Inc.,  499  Ernston  Rd, 
B-12,  Parlin,  NJ  08859. 


IT  CAREER  OPPORTUNITIES 

CA  (CORP  HQ  is  in  CA.  Current 
worksite  is  Broomfield  CO  and 
other  sites  throughout  the  U.S. 
as  assigned)  - 

Software  developer  -  BA/BS. 
Will  accept  addnl  yr  of  employ¬ 
ment  for  every  yr  of  college  not 
completed.  In  addition  to  BA/BS, 
position  requires  2  years  of  exp 
with  Scopus,  TCL,  Java,  and 
Siebel. 

CT  -  Computer  Scientist  -  BS. 

Will  accept  addnl  yr  of  employ¬ 
ment  for  every  yr  of  college  not 
completed.  In  addition  to  BS, 
position  requires  1  year  with 
MVC,  J2EE,  JSP,  Javascript 
Servlets,  HTML 

The  flexibility  to  travel  and  be  on 
call  may  be  necessary.  Proof  of 
legal  authorization  to  work  in  the 
U.S.  is  required. 

Please  forward  your  resume  to 
Computer  Sciences  Corp.,  Attn: 
J.  Le,  2100  E.  Grand  Ave.,  Mai! 
Code  A209,  El  Segundo,  CA 
90245.  Please  indicate  the  spe¬ 
cific  occupation  and  location  for 
which  you  are  applying. 


Radiant  Systems  Inc.,  a  nation¬ 
wide  technology  provider  with 
offices  in  NJ,  CT,  Tx  &  FL  re¬ 
quires  managers,  team  leaders, 
and  professionals  at  entry,  mid 
and  senior  levels  in  the  areas  of 
systems  and  program  analysis, 
software  engineering  and  devel¬ 
opment,  network  engineering 
and  administration,  database 
administration,  web  design  and 
development,  technical  writing 
and  marketing.  Master's  degree 
in  a  relevant  field  and  1-3  years 
of  experience  or  bachelor's 
degree  with  2-5  years  experi¬ 
ence  required.  Proficiency  in 
several  of  the  following  skills  is 
expected:  C, C++, Java. Java¬ 
Script.  XML,  UML,  Perl,  HTML, 
SQL,Pro*C,  VB.PB,  VC++.MFC, 
SDK,  Gupta-SQL,  Informix,  Cry¬ 
stal  Reports, Sybase,  Dev  2000, 
Lotus  Notes, Unix. Win  NT/95/XP, 
RTOS.Sun  OS,  Help  Desk/PC- 
Support.SAP  R/2-R/3,  ABAP/4, 
SAP  Scripts,  PeopleSoft,  IDMS, 
AS/400.  COBOL/CICS/DB2, 
MVS.  RPG/400.SQA,  Win/Load 
Runner.  SNMP.  COBRA,  ASP. 
Active-X.DTM/TDMA.FDMA, 
LAN,  WAN,  Proxy,  Wild  Packets, 
Cisco  works,  IOS,  Concord, 
nGenius,  VPN.  Pix,  Qos.  Rout¬ 
ers,  DSP/ATM. FRAME  RELAY. 
TCP/IP, ISDN,  DCOM,  COM, 
PL/1, SAS.Vx-Works,  VHDL, 
SONET/SDH,  SNMP, HP  Open- 
View.Proj  Mgr, Tech  Writers.  We 
require  a  tertiary  degree  w /  rele¬ 
vant  experience.  Excel.  Bene¬ 
fits,  travel  and  relocation  re¬ 
quired.  E-Mail:  radiants@ 
radiants.com  Attn:  H  R.  Dept. 
109-A  Corporate  Blvd.,  S 
Plainfield,  NJ  07080. 


Computer/Information  Sys¬ 
tems  Manager-Manhattan: 
Eclaro  Inti,  Inc.  needs  exp. 
Professionals  to  plan  direct, 
coordinate  activities  in  infor¬ 
mation  systems  using  Orac¬ 
le  Financials,  MQ  Series, 
COM/DCOM,  ASP,  Crystal 
Reports,  COM+.  Streamline 
the  IT  process.  Competitive 
Salary  with  benefits.  Please 
send  resume  to  Eclaro  Inti 
Inc.  200  West  57th  Street, 
NY,  NY10019.  Fax  212- 
258-2115. 


TECHNOCREST  SYSTEMS, 
INC.  -  Worth,  IL  Seeking  a  Com¬ 
puter  Support  Specialist  to  pro¬ 
vide  technical  assistance  to 
computer  systems  users  in  per¬ 
son,  via  telephone  or  from  re¬ 
mote  location  for  multiple  posi¬ 
tions.  Travel  to  client  office  work 
stations  to  handle  troubleshoot¬ 
ing  and  repair  and  perform  war¬ 
ranty  services  for  DELL,  Com¬ 
paq,  Apple  and  IBM  desktop  and 
laptop  computers.  Requires 
Bachelor's  degree  in  Computer 
Science  or  Electronic  Engineer¬ 
ing.  Send  Resume  to:  Human 
Resources,  Technocrest  Syst¬ 
ems,  Inc.  3125  S.  Pickwick 
Place,  Springfield,  MO  65804 
job  code:  TSI0593. 


EDS  is  looking  for  a  Human  Re¬ 
source  Specialist  Senior  for  its 
Plano,  Texas  location  to  provide 
specialized  support  for  human 
resource  related  programs,  poli¬ 
cies  and  initiatives.  Requires 
Bachelors  degree  in  Actuarial 
Science  and  three  (3)  years  of 
experience  in  creating,  deploy¬ 
ing  and  administering  global 
graded  structure  and  job  evalua¬ 
tion  method.  To  apply,  submit 
resume  to  Pat  Simmons,  Global 
Compensation/Incentive, 
Strategy  &  Design  Manager, 
EDS,  5400  Legacy  Drive,  Piano, 
TX  75024;  in  reference  to  1120- 
J. 


ITM  Business  Consultant/Project  Lead.  Implement  range  forecasting  me¬ 
thodology  using  real  pricing  option  approach  within  Purchasing  &  Supply 
to  reduce  premium  cost  payments  &  volume  shortages  within  company 
supply  chain.  Lead  &  execute  multi-million  dollar  inti  projects  involving 
large  numbers  of  subordinates  &  sub-contractors,  emphasizing  total  qual¬ 
ity  of  IT  infrastructures,  mapping  business  processes  up  front,  analyzing 
processes  to  identify  &  reduce  non-value-added  steps  &  eliminate  “vital 
few"  root  causes  of  process  deficiencies  to  increase  overall  profitability  & 
quality.  Interview  vendors  &  customers  at  initial  planning  phase  to  specify 
requirements.  Use  process  improvement  tools  &  methodologies  to 
streamline  divergent  philosophies  among  project  stakeholders  &  reduce 
overall  process  deficiencies.  Interface  between  business  customers  & 
Dept  to  manage  projects  &  solve  problems  with  roots  in  multiple  depts 
including  Sales  &  Marketing,  Procurement  &  Supply,  Finance,  Engrg,  & 
Mfg.  Lead  cross-functional  teams  to  facilitate  consensus  between  depts. 
Disassemble  complex  tasks  into  assignable  work  packages.  Solicit  &  pre¬ 
sent  abstract  customer  ideas  in  concrete  forms  such  as  flow  charts. 
Design  systems  &  applications  to  streamline  development  systems  for 
new  vehicles,  maintaining  holistic  understanding  of  design  process  in 
order  to  integrate  all  aspects  of  projects  appropriately.  Implement  soft¬ 
ware  systems  using  LCM  process,  including  initiation,  requirements  gath¬ 
ering,  system  testing,  &  final  implementation.  Assess  value  of  projects  to 
align  cost  with  output.  Coordinate  offshore  vendors  &  measure  vendor 
performance.  Assess  projects  to  ensure  that  contractual  obligations  such 
as  risk,  deadlines,  &  cost  are  met.  Measure  business  customer  satisfac¬ 
tion  using  ITM  Project  Quality  Index  (PQI).  MBA,  Finance  or  Supply  Chain 
Management.  One  year  of  exp.  in  job  or  Related  Occupation  of  Deputy 
General  Manager.  One  year  of  Related  Occupation  experience  must 
include  leading  &  executing  multi-million  dollar  inti  construction  or  other 
projects  involving  large  numbers  of  subordinates  &/or  sub-contractors, 
emphasizing  total  quality  of  IT  infrastructures,  mapping  business  process¬ 
es  up  front,  analyzing  processes  to  identify  &  reduce  non-value-added 
steps  &  eliminate  “vital  few"  root  causes  of  process  deficiencies  to 
increase  overall  profitability  &  quality,  which  may  be  concurrent  with 
Related  Occupation  experience.  Apply  to  Vivica  Richter,  DaimlerChrysler 
Corporation,  CIMS  485-08-44,  1000  Chrysler  Drive,  Auburn  Hills,  Ml 
48326. 


Business  System  Analysts  - 
Team  Leader,  wanted  by  propri¬ 
etary  trading  firm  loc  in  Chicago 
to  review,  assess,  assign  & 
monitor  duties,  responsibilities 
tasks  &  projects  to  team  mem¬ 
bers  involved  in  the  dvlpmt  of 
automated  black-box  trading 
systms  for  securities  trading. 
Utilize  cutting  edge  dvlpmt, 
analysis  &  performance  testing 
tools,  &  modeling  techniques, 
incl  statistical/mathematical  & 
complex  systm  modeling,  Gen¬ 
etic  &  Evolutionary  Algorithms, 
automated  Artificial  Agent-based 
modeling,  unconventional  opti¬ 
mization  techniques  &  std  tech'l 
analysis.  Must  have  MS  Deg  in 
Comp  Sci  or  Engg  &  6  mos  exp 
in  job  offd  or  any  System  Analyst 
Position.  Mail  resume  to:  Renee 
Whittingham,  Jump  Trading, 
LLC  600  W.  Chicago,  Ste.  825, 
Chicago,  IL  60610.  No  calls. 


Systems  Analyst.  Design  syst, 
resolve  issues  of  virus  and  inter¬ 
ferences.  Tools:  Java,  C/C++,  Perl, 
SQL,  PL/SQL,  CORBA  and 
WebLogic.  Req.  3  yrs.  exp.  or  as 
a  Prog  analyst  with  tools  above. 
Senior  Application  Analyst 
Programmer.  R/D  call  Server 
switch,  succession,  migration,  SS7, 
PRI,  DAL,  Tandem  Trunks,  VoIP, 
Batch  processes.  Tools:  PL7SQL, 
Scripts.  J2/SSE/J2EE,  XML,  SAX, 
JDBC.  Req.  B/Eleclronic  Eng.  w/2 
yrs.  exp.  or  as  an  App.  Analyst  Prog. 
Software  Engineer.  R/D  spec, 
bus.  web-based  applic.,  create 
PL/SQL  routines.  Tools:  J2EE, 
JAVA.  JSP,  HTML,  NML,  EJB. 
Req.  MBA  w/1  yr.  exp. 
Send  resume  to  M.  Amaran, 
JMA  Chartered,  10551  Barkley, 
Ste.  400,  Overland  Park,  KS  66212 


Software  Engineer:  Req'd  BS 
in  CS  or  Engr  +  2yrs  exp  & 
ability  in  Enterprise  Plumtree 
Portal  s/ware,  Crystal  Reports, 
C#,  .Net,  IIS  &  Java  to  dvlp, 
support  apps/modules  in  exist¬ 
ing  portal  applies;  perform  MS- 
SQL  performance  tuning  & 
data-modeling  to  support 
warehouse  &  complement 
apps.  Dsgn  &  dvlp  modules  for 
SQL  server  &  other  MS  tech¬ 
nologies.  Debug  existing  mod¬ 
ules  &  w/DBA.  Guggenheim 
Services  NY,  NY.  E-mail  CV  to 
resumeHR@guggenheim 
partners.com. 


Trinuc  seeks  software  analyst  to 
develop  One-Warehouse  project 
to  agglomerate  data  sources 
using  Oracle9i,  ITPapers.com- 
Recent  aBusiness  Intelligence- 
Data  Warehousing  White 
Papers.  Require  MS/BS+5yr  IT 
exp.  Send  resume  to  830  S. 
Buffalo  Grove  Rd,  #105,  Buffalo 
Grove,  IL  60089. 

HIDEF  Technologies  seeks  IT 
Consultants.  Duties:  design, 
develop,  administer  &  imple¬ 
ment  software,  computer  &  data¬ 
base  using  various  skills  such  as 
Oracle,  DB2,  Java,  EJB, 
WebTech,  SAP,  VB,  C/C++,  etc. 
Travel  required.  Apply  at 
info@hideftech.com.  EOE 


Computer  Professionals  need¬ 
ed  (Princeton  Junction)  NJ 
based  IT  firm,  Jr.  Level  Posi¬ 
tions  Programmer  Analysts, 
Software  Engineers,  Systems 
Analysts,  to  Develop,  create, 
and  modify  general  computer 
applications  software  or  special¬ 
ized  utility  programs.  Analyze 
user  needs  and  develop  soft¬ 
ware  solutions.  Sr.  Level  Posi¬ 
tion,  IT  Managers,  MIS  Manag¬ 
ers,  ITS  Directors  needed  to 
Plan,  direct,  or  coordinate  activ¬ 
ities  in  such  fields  as  electronic 
data  processing,  information 
systems,  systems  analysis,  and 
computer  programming.  Apply 
with  2  copies  of  resume  to 
H.R.D,  22nd  Century  Technolo¬ 
gies,  Inc,  186  Princeton  Highs- 
town  Rd,  Building  3A,  Princeton 
Junction,  NJ  08550. 


Team  Leader  (MIS  Software 
Application)  needed  w/Masters 
in  Comp  Sci  or  Engg  or  Math  & 
1  yr  exp  to  dsgn  &  prgm  object- 
oriented  S/W  &  GUIs  incl  gener¬ 
ating  dsgn  diagrams,  writing 
specs,  coding  &  testing  using 
Java,  CORBA,  Swing,  C  &  C+  + 
on  Unix,  Linux  &  Windows.  Write 
Unix  scripts  using  Korn  Shell, 
Bourne  Shell,  awk  &  Perl  to  con 
figure,  build,  load  data  &  monitor 
S/W  systm.  Apply  d/base  systm 
to  perform  data  processing 
using  proprietary  D/base  Mgmt 
Systm,  Oracle  &  Pro*C.  Write 
SQL  queries  for  S/W.  Trouble¬ 
shoot  systm  failure,  diagnose 
errors  &  fix  bugs.  1  yr  exp  as  Sr. 
Systms  Analyst  is  acceptable. 
Mail  resumes  to:  Algomod  Tech¬ 
nologies  Corp.,  116  John  St,  Ste 
1406,  NY.  NY  10038.  Job  Loca¬ 
tion:  NY,  NY. 
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E-voting  Grows  Without  Consensus 


BY  MARC  L.  SONGINI 

State  and  local  election  offi¬ 
cials,  looking  to  meet  federal 
voting  regulations,  are  buying 
electronic  voting  gear  despite 
a  lack  of  best  practices  guid¬ 
ance  and  money. 

The  deadline  for  meeting 
the  mandates  of  the  Help 
America  Vote  Act  (HAVA), 
which  requires  that  an  e-voting 
machine  be  installed  at  every 
polling  location,  is  the  first 
election  after  Jan.  1,  2006. 


BY  THOMAS  HOFFMAN 

It's  a  dream  situation  that  most 
CIOs  never  get  to  experience  - 
the  chance  to  build  an  IT  organi¬ 
zation  from  the  ground  up.  That's 
essentially  what  Sam 
Coursen  is  doing. 

Coursen,  formerly  CIO  at 
NCR  Corp.,  was  hired  as 
vice  president  and  CIO 
in  August  by  Freescale 
Semiconductor  Inc.  in 
Austin  to  help  develop  a 
set  of  world-class  IT 
processes.  Coursen  dis¬ 
cussed  his  plans  with  Computer- 
world  before  heading  to  the  IT 
Financial  Management  &  Asset 
Management  Summit  in  Orlando. 

Why  did  you  leave  NCR  to 

join  Freescale?  At  NCR,  I  went 
through  the  entire  transforma¬ 
tion  of  IT.  I  felt  that  I  did  what  I’d 
hoped  to  accomplish.  I  was  will¬ 
ing  to  listen  to  offers,  and  I 
thought  [Freescale]  would  be 
a  good  challenge. 

You  were  at  NCR  during 
some  turbulent  times.  Over 
the  seven  years  I  was  at  NCR, 

I  had  seven  different  bosses. 

I  worked  for  Mark  Hurd  [former 
NCR  CEO,  now  Hewlett-Packard 
Co.  CEO]  the  last  couple  of 
years.  At  the  end,  there  wasn’t 
a  senior  executive  who  was 
there  when  I  started. 


Governments  are  buying  the 
gear  in  the  midst  of  a  continu¬ 
ing  controversy  over  the  relia¬ 
bility  and  security  of  e-voting 
machines,  the  lack  of  a  so- 
called  paper  trail  of  votes  from 
some  systems,  and  the  fact  that 
there  are  few  lists  of  systems 
and  best  practices  certified  by 
state  or  federal  agencies. 

Complaints  last  week  from 
some  election  officials  came 
days  after  the  Government  Ac¬ 
countability  Office  issued  a  re- 


What  are  your  plans  for  Free¬ 
scale?  I  put  on  the  calendar 
plans  to  put  together  an  IT  strat¬ 
egy  with  the  CEO  after  two 
months.  I’ve  just  gone  through 
that.  There  are  two  areas 
I  would  mention.  The  first 
is  that  IT  in  and  of  itself  is 
an  important  function 
with  a  lot  of  complexity. 
You  have  to  understand 
where  you  are,  break 
everything  into  detail, 
benchmark  everything 
and  drive  efficiency  in 
the  IT  process.  A  CIO  [also 
must]  help  everyone  else  opti¬ 
mize  their  processes. 

A  second  area  is  supply 
chain.  A  certain  amount  of 
progress  on  having  an  applica¬ 
tion  portfolio  is  part  of  this,  but 
there  are  gaps.  For  instance, 
we  have  one  instance  of  SAP, 
but  not  all  of  the  functions  are 
in  there.  That’s  partly  true  of 
legacy  systems,  too. 

What  are  some  of  those 
missing  functions?  Orders  are 
placed  into  a  legacy  system  first 
and  then  entered  into  SAP.  What 
we’re  trying  to  do  is  optimize  the 
supply  chain,  where  IT  can  add 
value  to  the  business.  The  more 
you  can  drive  optimization  and 
improve  the  yield  out  of  these 
plants,  it  can  be  a  huge  benefit 
to  the  company.  ©  57836 


port  contending  that  questions 
about  the  security  and  accura¬ 
cy  of  electronic  voting  systems 
are  likely  to  continue  into  the 
2006  elections. 

The  GAO  called  on  the  U.S. 
Election  Assistance  Commis¬ 
sion  to  define  security  policies 
and  set  up  a  machine  certifica¬ 
tion  program. 

HAVA  was  passed  after  the 
controversial  2000  presiden¬ 
tial  election  in  order  to  correct 
shortcomings  in  voting  prac¬ 
tices  and  equipment.  It  man¬ 
dates  a  number  of  changes  to 
improve  the  reliability  of  bal¬ 
loting  systems  and  processes. 

Voting  districts  not  meeting 
the  deadline  face  penalties  is¬ 
sued  by  the  U.S.  Department 
of  Justice,  said  a  spokeswoman 
for  the  Election  Assistance 
Commission,  which  is  charged 
with  helping  to  implement 
HAVA  mandates. 

One  of  the  bones  of  con¬ 
tention  is  that  no  guidelines 
have  been  set  up  to  ensure 
that  machines  meet  the  feder¬ 
al  requirements,  officials  said. 
For  example,  a  number  of 
local  officials  want  to  imple- 


Continued  from  page  1 

Politics 

agement  techniques  and  soft¬ 
ware  would  remove  politics 
from  discussions  between  IT 
and  business  executives  about 
which  IT  projects  to  fund. 

Those  managers  argued  that 
the  tools  can  calculate  and 
rank  projects  that  are  expect¬ 
ed  to  have  the  greatest  impact 
on  an  organization  by  using  a 
variety  of  metrics,  such  as  re¬ 
turn  on  investment,  net  pre¬ 
sent  value  and  internal  rate  of 
return.  Some  IT  executives 
said  they  believed  that  such 
rankings  could  defuse  the  po¬ 
litical  wrangling  that  typically 
accompanies  budgeting  dis¬ 
cussions. 

But  in  hindsight,  those 


Report  Highlights 

A  GAO  report  to  Congress  this 
month  said  e-voting  systems  con¬ 
tinue  to  suffer  from  the  following: 

■  Design  flaws 

■  Poor  security  management 

■  Incorrect  configuration 

■  Inadequate  version  controls 

■  Security  flaws  that  could 
encourage  hackers 

■  Ballots  and  audit  logs  that 
could  be  modified 

■  Lack  of  widespread  govern¬ 
ment  certification  of  systems 

ment  e-voting  systems  that 
provide  paper  trails,  but  there 
are  no  federal  criteria  for  do¬ 
ing  so. 

“The  [GAO]  report  buttress¬ 
es  what  we’ve  been  saying,” 
said  Ion  Sancho,  supervisor 
of  elections  in  Florida’s  Leon 
County,  which  uses  optical 
scan  devices  that  have  to  be 
supplemented  with  e-voting 
machines  under  the  HAVA  law. 
“There  are  concerns  [that] 
need  to  be  addressed,”  he  said, 
citing  both  potential  electronic 
and  human  errors. 

The  government  is  forcing  a 
rush  into  e-voting  without 


proclamations  were  either 
naive  or  misguided,  several 
conference  attendees  said. 

“To  be  a  successful  CIO,  you 
have  to  learn  not  to  take  sides 
in  the  budget  battle,”  said  Russ 
Finney,  vice  president  and 
CIO  at  Tokyo  Electron  Ameri¬ 
ca  Inc.,  an  Austin-based  sub¬ 
sidiary  of  Tokyo  Electron  Ltd. 
that  makes  semiconductor 
manufacturing  equipment. 

Finney  said  he  listens  to  all 
sides  in  discussions  about 
funding  specific  IT  projects 
and  tries  to  consider  the  dri¬ 
vers  behind  each  of  them  in 
order  to  make  an  objective  de¬ 
cision.  That  technique  is  par¬ 
ticularly  useful  when  it  falls 
upon  him  to  break  a  dead¬ 
locked  vote,  he  noted. 

Still,  Finney  acknowledged 
that  the  budgeting  process  at 


having  established  adequate 
technological  guidelines,  said 
Matthew  Zimmerman,  staff 
attorney  at  the  San  Francisco- 
based  Electronic  Frontier 
Foundation,  a  civil  rights  ad¬ 
vocacy  group  that  focuses  on 
technology  issues. 

To  ensure  that  e-voting  ma¬ 
chines  are  accurate,  the  com¬ 
monwealth  of  Pennsylvania 
mandated  that  vendors  pro¬ 
vide  source  code,  said  Leonard 
Piazza,  director  of  elections  in 
Luzerne  County,  Pa. 

Currently,  Luzerne  County 
uses  lever-activated  devices, 
but  $5  million  has  been  set 
aside  to  buy  e-voting  machines, 
Piazza  said.  The  county  hopes 
to  buy  machines  that  offer  pa¬ 
per  trails  but  is  awaiting  a  list 
of  machines  that  have  been 
certified  by  the  state,  he  said. 

The  matter  of  vote  validity 
aside,  there  is  still  the  cost  to 
consider,  said  some  officials. 
For  example,  Lubbock  County, 
Texas,  installed  $2.6  million 
worth  of  e-voting  machines 
from  Austin-based  Hart  Inter- 
Civic  Inc.,  said  County  Com¬ 
missioner  Ysidro  Gutierrez. 
The  cost  “was  a  financial  bur¬ 
den  to  the  county,”  Gutierrez 
said.  ©  57866 


Tokyo  Electron  “is  very  poli¬ 
tical.  That’s  why  we  only  do 
budgets  every  six  months  — 
if  we  had  to  do  them  every 
quarter,  we’d  be  at  each  oth¬ 
er’s  throats,”  he  said. 

Still,  one  IT  executive  at  the 
conference  said  he  sees  an  up¬ 
side  to  the  situation. 

“Some  of  the  tools  are  pret¬ 
ty  slick,  and  some  of  them  en¬ 
able  conversations  to  happen” 
between  IT  and  business  exec¬ 
utives  about  which  projects  to 
fund,  said  Michael  M.  Blake, 
vice  president  of  finance  for 
IT  at  Kaiser  Permanente  in 
Oakland,  Calif. 

“I’m  a  big  advocate  of  con¬ 
versations,  and  we  can  use 
these  tools  as  a  vehicle  to  drive 
those  discussions  and  make 
those  decisions,”  he  added. 

©  57870 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 

Losers  and  Winners 


WAS  THIS  SUIT  REALLY  NECESSARY?  Last  week, 

VeriSign  and  the  Internet  Corporation  for  As¬ 
signed  Names  and  Numbers  announced  that 
they’re  settling  their  lawsuit.  What?  You’ve  forgot¬ 
ten  exactly  what  VeriSign  sued  ICANN  for?  No 
surprise  there.  You  have  to  think  back  more  than  two  years,  to  when 
VeriSign  got  fed  up  with  ICANN’s  slow,  politicized  decision  process 
and  slammed  a  new  service  called  Site  Finder  into  place  —  a  service 
that  VeriSign  hoped  to  make  money  from,  but  that  some  said  threat¬ 
ened  the  stability  of  the  Internet. 

Two  years  and  plenty  of  shouting  later,  what  have  we  got? 


Realistically,  both  sides  lost.  VeriSign,  which 
keeps  track  of  all  .com  domain  names,  had  chal¬ 
lenged  ICANN’s  right  to  run  the  Internet;  un¬ 
der  the  settlement,  VeriSign  agrees  it  won’t  act 
in  any  way  to  undermine  ICANN  in  the  future. 
VeriSign  also  insisted  two  years  ago  that  it 
could  start  up  new  domain-name-related  ser¬ 
vices  without  ICANN’s  permission;  under  the 
settlement,  it  can’t. 

Oh,  and  VeriSign  previously  claimed  that  all 
.com  domain  information  was  proprietary  data 
that  ICANN  couldn’t  have  if  ICANN  stripped 
VeriSign  of  its  rights  as  a  registrar.  Under  the 
settlement,  VeriSign’s  domain  name  data  will 
be  kept  in  escrow  and  updated  daily.  If  Veri¬ 
Sign’s  agreement  to  run  the  .com  registry  is 
terminated  or  VeriSign  goes  bankrupt,  all  that 
data  will  go  to  a  new  .com  registrar. 

On  ICANN’s  side,  the  Internet’s  primary  gov¬ 
erning  body  had  claimed  it  could  make  deci¬ 
sions  on  the  basis  of  whether  competition  was 
encouraged.  No  more;  the  settlement  says  all 
competition  issues  will  be  referred  to  the  ap¬ 
propriate  government  agencies. 

And  the  loose  and  seemingly  endless  process 
ICANN  used  to  make  decisions 
about  proposals  for  new  services 
(VeriSign  complained  that  some  of 
its  proposals  were  up  in  the  air  for 
years)  is  gone,  at  least  for  VeriSign. 

Now  there’s  a  tight  90-day  schedule 
for  ICANN  to  submit  VeriSign’s 
proposals  to  an  expert  committee 
and  deliver  a  final  decision  based 
on  the  committee’s  analysis. 

(Full  disclosure:  I  suggested  that 
kind  of  fast-track  process  should  be 
set  up  almost  exactly  two  years  ago, 
after  the  first  blowup  over  Veri¬ 
Sign’s  Site  Finder  service.  But  I  have 


no  reason  to  believe  VeriSign  and  ICANN 
didn’t  come  up  with  the  idea  on  their  own.) 

So  —  if  both  sides  lost,  did  we  really  have  to 
go  through  all  this?  The  very  public  battle  over 
Site  Finder,  an  antitrust  lawsuit  that  was  thrown 
out,  then  a  breach-of-contract  suit  that  this 
agreement  settles? 

Yeah,  probably. 

Or  at  least  VeriSign  and  ICANN  had  to  go 
through  it.  See,  even  after  the  dot-com  bust, 
there  was  plenty  of  Wild  West  left  in  the  Inter¬ 
net.  In  2003,  the  biggest  gunslinger  in  town  was 
VeriSign,  while  ICANN  was  the  sheriff  who  did 
pretty  much  what  he  wanted.  And  when  those 
two  clashed,  it  was  bound  to  be  one  gunfight  af¬ 
ter  another  until  someone  finally  put  a  stop  to  it. 

That  someone  would  have  been  a  judge  if 
VeriSign  and  ICANN  hadn’t  settled  last  week. 
Two  years  ago,  even  last  year,  they  weren’t 
ready.  VeriSign  had  to  slog  through  the  legal 
mud  and  see  its  antitrust  claims  tossed  out. 
ICANN  had  to  watch  its  sloppy  procedures 
exposed  and  know  that  the  International  Tele¬ 
communication  Union  was  angling  to  take  con¬ 
trol  of  the  Internet  away  from  ICANN. 

Now,  bruised  but  wiser,  VeriSign 
and  ICANN  are  ready  to  put  their 
cowboy  suits  away.  No  more  gun- 
slinging,  no  more  playing  at  Wild 
West.  They’re  ready  to  get  down  to 
the  business  of  putting  the  Internet 
to  work. 

Good  for  them.  And  good  for  the 
rest  of  us,  too. 

Because  if  we  end  up  with  better 
Internet  governance,  more  cooper¬ 
ation  and  improved  stability  and 
security,  then  —  necessary  or  not 
—  maybe  VeriSign  v.  ICANN  was 
worth  the  trouble  after  all.  ©  57833 


frank  hayes,  Computer- 
world’s  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank_hayes@computerworld.com. 


Think  Different 


Panicked  user  reports  that  a  CD-ROM  not  only  won’t 
play  but  won’t  eject,  either.  “She  shoved  the  CD  in  the 
slit  between  the  expansion  bay  covers,”  says  pilot  fish 
who  extracts  the  CD.  “While  she’s  effusively  thanking 
me,  I  tell  her  that  I’m  going  to  make  sure  she  never  has 
this  problem  again.  I  dig  into  my  superimpressive  tool 
bag  that  has  one  of  everything  in  it  and  come  up  with 
a  roll  of  clear  tape  -  which  I  proceed  to  use  to  tape 
over  all  the  slits  between  the  expansion  bays.” 


Too  Far 

Netadmin  asks 
operator  to  put  a 
tape  in  the  right- 
hand  unit  of 
three  tape  drives  for  the 
weekend  backup.  But  on 
Monday,  netadmin  com¬ 
plains  to  pilot  fish  that 
the  tape  was  put  in  the 
center  drive  instead. 
What  happened?  fish 
asks  operator.  “I  placed 
the  tape  in  the  right- 
hand  drive,”  operator 
says,  pointing  to  the 
center  drive.  Why  didn’t 
you  put  the  tape  in  here? 
fish  asks,  pointing  to  the 
right-hand  drive.  Opera¬ 
tor  points  to  the  three 
drives:  “Well,  you  have 
left,  right  and  far  right.” 
Sighs  fish,  “By  the  end 
of  the  day,  the  drives 
had  numbers  on  them.” 

Too  Small 

Pilot  fish  has  tried  for 
weeks  to  get  the  CIO’s 
office  at  headquarters  to 
open  a  port  in  the  fire¬ 
wall  so  a  contractor  can 
do  his  work.  “The  con¬ 
tractor  had  been  on-site 
for  a  week  by  this  time 
and  had  only  a  week  left 
to  complete  the  job,” 
says  fish.  “Finally,  in  ex- 


couldn’t  read 
the  spread¬ 
sheet,  since 
the  font  was 
too  small  - 
would  we  please  redo  it 
in  a  larger  size?” 

Too  Literal 

User’s  PC  hard  drive  is 
damaged,  but  support 
pilot  fish  manages  to 
recover  the  files  in  key 
directories  and  copies 
them  to  a  new  drive. 
Still,  user  is  furious: 
“Where  the  @#$%!  are 
all  my  files?”  Where 
were  the  files  that  are 
missing  now?  fish  asks. 
“I  used  to  save  them  in 
that  cute  can.”  Huh?  “I 
use  those  files  a  lot,  and 
that  icon  says  ‘Recycle,’ 
so  I  thought  it  was  a 
good  place  to  put  the 
files  that  I  reuse.” 

Too  Difficult 

Newly  hired  user  to  IT 
manager  pilot  fish:  “My 
mouse  pad  is  missing. 

Do  you  have  another?” 
Fish:  No,  but  you  can  get 
an  office  supply  catalog 
from  purchasing,  pick 
out  one  you  like  and 
have  them  order  it.  New 
hire  leaves  -  only  to 


SHARK 

TANK*. 


asperation,  one  of  our 
techs  sent  a  spreadsheet 
to  the  help  desk  outlining 
everything  we  had  done 
to  get  this  request  com¬ 
pleted.  We  received  a 
response  saying  they 


return  minutes  later: 
“My  boss  says  you  have 
to  order  me  a  mouse 
pad.  She  says  you’re  the 
only  one  who  knows 
what  kind  is  compatible 
with  our  system.” 


OY0U  KNOW  WHAT’S  COMPATIBLE:  True  tales  of  IT 
life.  Send  them  to  sharky@computerworld.com,  and 
you’ll  score  a  sharp  Shark  shirt  if  I  use  yours.  And  check  out 
the  daily  feed,  browse  the  Sharkives  and  sign  up  for  Shark 
Tank  home  delivery  at  computerworld.com/sharky. 
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The  new  industry  standard  x64  servers  from  Sun. 
Faster  performance,  lower  power  bills  and  less  real 
estate  equal  increased  CFO  happiness. 


Now  you  can  run  Solaris "  (our  favorite),  Windows  and  Linux  on  our  industry  standard  X64  servers  powered  by  AMD  Opteron"  processors.  If  56% 


power  and  cooling  savings  over  Xeon1  doesn’t  leave  you  grinning,  your  overhauled  bottom  line  will.  To  learn  more,  visit  sun.com/savepower. 
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So  Standard,  It's  Hot-Pluggable 
With  Your  Existing  Software 

J2EE  —  Enterprise  Portal  —  Identity  Management — Integration  —  Data  Hub  —  Business  Intelligence 
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